Komodia's Redirector bug fixes

From Komodia
Jump to: navigation, search

This page keeps tracks of bug fixes in Komodia's Redirector, so you can follow it using RSS.

Contents

2017

August

Version 3.0.0.43

  • Proxy, added a fix to a situation where the intercepted app sends a small amount of data and closes the connection, the data could leak, and not go via the DLL/COM.
  • Proxy, added the ability to tell outgoing proxy settings (when outgoing proxy is set) to not try and extract the SNI from SSL sessions.
  • Added valve steam to the LSP hard coded exclusion list.
  • Added spoolsv to the LSP hard coded exclusion list.

April

Version 3.0.0.42

  • LSP, updated hardcoded exclude to exclude Lync on 64bit when Lync is installed to 64bit program files.

Version 3.0.0.41

  • SSL Digestor, if SNI is missing and there's a HTTP Connect, the host will be used instead of the missing SNI.

February

Version 3.0.0.40

  • COM framework, fixed a memory leak when using the Komodia Classification services.

Version 3.0.0.39

  • SSL Digestor, added support for sha384.
  • Added a fix for the changes in OCSP stapling support in LibreSSL.

2016

November

Version 3.0.0.38

  • WFP, added a skip to intercept for special ip6 scenario.
  • WFP, added interception when source address is not specified but destination is.
  • WFP, fixed proxy to set rules with AND for WFP.
  • WFP, added support for quic from Opera browser.

Version 3.0.0.37

  • Adjusted WD 32bit shutdown sequence.

October

Version 3.0.0.36

  • WFP, added exclude to system process.
  • Tweak to the classification fix from previous version.

September

Version 3.0.0.35

  • Classification, added another way to extract address when not available during POST.

Version 3.0.0.34

  • Socket controller will not assign sockets to a thread that currently is busy over one second.

Version 3.0.0.33

  • Adjusted possible code action leak with classification module which can cause undefined results.

Version 3.0.0.32

  • SSL Digestor, SSL3 apps/traffic will go through SSL rules before dropped.
  • WFP, fixed CIDR IP exclusion.
  • WFP, minor stability fixes.
  • WFP installer, adjusted OS detection routines.
  • LSP installer, adjusted OS detection routines.

Version 3.0.0.31

  • Added a printing service to LSP default exclude list.
  • Adjusted the SSL exclude handling of original intercepted app when WFP cascading is active.

August

Version 3.0.0.30

  • Fixed timing issue that may have random affect on slow systems.

Version 3.0.0.29

  • Update to the LSP PID fix.
  • WFP, adjusted to pass HLK test.

Version 3.0.0.28

  • Added sanity checks to COM framework DataContainer class.
  • LSP built with VS2015, adjusted static variable creation.

July

Version 3.0.0.27

  • Adjusted privilege call from last version, to work correctly across all OS.
  • Fixed a situation where the DLL/COM framework would not get PID using LSP.

Version 3.0.0.26

  • Fixed a bug in outgoing proxy that the connection hanged, when using WFP and DLL and the DLL peeked the data.
  • Changed privilege on call to extract username, to allow to get username under certain conditions that would fail in the current way.

June

Version 3.0.0.25

  • Improved shutdown sequence.
  • Updated code to ignore dhDefer when reply is complete.

May

Version 3.0.0.24

  • Outgoing Connect proxy, will now take SNI record from SSL sessions and use it at the connect string.
  • Adjusted init/unit sequence to remove unneeded calls.

Version 3.0.0.23

  • HTTP Parser, added the ability to adjust HTTP requests containing BR requests.

Version 3.0.0.22

  • SSL Digestor, LibreSSL updated to version 2.3.4
  • WFP, fixed IP4 over IP6 connection issue (failed to connect), added code to convert this connection, this is used by Java.
  • Adjusted sequence of socket thread shutdown for faster unload time.
  • SSL Digestor, first root CA will be created with start date of 24 hours before the install date, to avoid any timezone issues.
  • SSL Digestor, adjusted the way it handles default root CA.
  • SSL Digestor, added the ability to user LibreSSL certs.pem file for root CA validation, this will work from Windows 7 and above (default state is not in the code, you have to ask us to add it for you, or add: "#define LIBRESSL_COMPILE_LIST" to KomodiaProduct.h), this can be done in two ways: (disclaimer: you should go over the cert file before using it, Komodia took the file from the LibreSSL distribution as is, if you're not sure about how to use it, when, or where it came from, contact us)
    • Set custom variable libresslcerts to 1, save and restart the proxy.
    • Add: "#define LIBRESSL_DEFAULT_LIST" to KomodiaProduct.h

Version 3.0.0.21

  • LSP, removed .net fix for Windows 10, as the default version is not the LSP unfriendly one.

April

Version 3.0.0.20

  • Fixed a situation where a GET request would be tunneled via Connect proxy (only when setting a proxy in the SDK), and the GET would also be changed to a proxy like request.
  • Fixed a situation where proxy requests may go to the proxy without the proper modifications.

March

Version 3.0.0.17

  • Fixed a memory leak in the COM data management, which appeared mostly on calling save/load/clear.
  • Added support for VS2015.

Version 3.0.0.18

  • WFP8, brought back code to "guess" target IP/Port in case there's a bad WFP that deletes the WFP records.

Version 3.0.0.19

  • Updates to the code from version 3.0.0.18
  • Adjusted connection fix scenario for bad connections to WFP/LSP.
  • Fixed problem where LSP would interfere with VS debugger.

February

Version 3.0.0.6

  • DLL/COM Framework, fixed a bug that proxy settings would not be taken from the DLL/COM framework. (this was fixed correctly in 3.0.0.8)

Version 3.0.0.7

  • SSL Digestor, fixed a bug where certain empty fields would cause cert generation to fail.

Version 3.0.0.8

  • SSL Digestor, fixed a compilation bug in LibreSSL that would fail validation of root CA with expiration year after 2038.
  • Outgoing proxy, added ability to tunnel IPv6 addresses over IPv4 proxies (target proxy must support it).
  • Outgoing proxy, fixed correct setting via COM/DLL framework.

Version 3.0.0.9

  • SSL Digestor, fixed a bug that under certain conditions, threads would hang causing 100% CPU usage.
  • Fixed correct detection of Windows 10, under different compilers and the service pack for Windows 10.

Version 3.0.0.10

  • Fixed support for outgoing HTTP proxy.

Version 3.0.0.11

  • WFP, IPv6 disabled interception for localhost traffic.

Version 3.0.0.12

  • LSP, fixed a situation under certain conditions, memory would go up inside the intercepted application when downloading big files.

Version 3.0.0.13

  • SSL Digestor, fixed a minor memory leak.
  • SSL Digestor, disabled LibreSSL caching.

Version 3.0.0.14

  • LSP, fixed a bug that would cause connections in IE 11 to randomly fail to connect under certain conditions.

Version 3.0.0.15

  • LSP, fixed possible bugs based on code review that will cause undefined behavior with IE11.
  • HTTP Parser, web sockets are ignored when there's no DLL/COM framework active.

Version 3.0.0.16

  • SSL Digestor, upgraded LibreSSL to version 2.3.2
  • SSL Digestor, fixed a leak.
  • SSL Digestor, adjusted cache fix from version 3.0.0.13

2015

November

Version 3.0.0.0

  • Rewrite of socket module, main differences between previous version:
    • Thread number is constant (socket threadpool has 150 threads, this can be overridden at compile time).
    • Calls to callbacks are now guaranteed to be in the same thread per connection.
    • Removed limitation of 5 second max wait inside callbacks.
    • Any delay inside the callbacks will affect other connections managed by the same thread, so even though the limitation was removed, callbacks should not take long to exit.
    • SSL Digestor, thread is the same as the original socket.
    • Outgoing proxy, when using Hybrid and Hybrid SSL, it will not try to detect the type of content, it will treat port 80 as HTTP Proxy and all other ports as HTTP Connect (according to RFC proxy servers need to know how to handle this).
  • SSL Digestor, fixed a situation where a cert would be flagged as bad, while the cert itself is good.

Version 3.0.0.1

  • Added support for IPv6 for WFP for Windows 8 and above.
  • DLL and COM framework NewConnection callbacks adjusted to accommodate.

Version 3.0.0.2

  • Changed from OpenSSL to LibreSSL for better memory management.

Version 3.0.0.3

  • Modified API to facilitate IP6 for WFP:
    • DLL framework, to receive notification for IP6, you need to add the function NewConnection6 (implement it, and add to the .def file), the prototype is:
bool _stdcall NewConnection6(ContextDWORD& rContext,
			     bool bFromEncryption,
			     unsigned long usListeningPort,
			     unsigned long& rIP,
			     char* pIP6,
			     unsigned short& rPort,
			     const ProcessInformation& pPInformation,
			     const char* pPeekData,
			     unsigned long ulPeekDataSize,
			     unsigned long& rWaitMoreData,
			     ProxyInformation& rProxyInformation,
			     const char* pDNSEntry)

pIP6 - Is preallocated 16 bytes, and shouldn't be deleted.

    • DLL Framework, optional function to tell the SDK not to decrypt the SSL session, this function may be called before or after NewConnection:
bool _stdcall CanInterceptSSL(const char* pTLSName,
			      DWORD dwPID,
			      const ProcessInformation& pPInformation,
			      const char* pAddress,
			      unsigned short usPort,
			      ContextDWORD& dwContext);
    • COM framework, the main function was changed, and must be adjusted to intercept either IP4 or IP6:
HRESULT NewConnection(long lConnectionID,
		      long lFromEncryption,
		      long lPID,
		      BSTR bProcessName,
		      BSTR bUsername,
		      BSTR bDomain,
		      BSTR bIPString,
		      [in,out]long* lIP,
		      [in,out]BSTR* bIP6,
		      [in,out]long* lPort,
		      [in,out]long* lProxyModified,
		      [in,out]IProxyType* lProxyType,
		      [in,out]long* lProxyIP,
		      [in,out]long* lProxyPort,
		      [in,out]BSTR* pUsername,
		      [in,out]BSTR* pPassword,
		      BSTR bDNSEntry,
		      [in,out]FilteringType* pFilteringType,
		      [in,out]BSTR* bStringToStore,
		      BSTR bPeekData,
		      [in,out]long* lTimeout,
		      [out,retval]long* lAllow);

Version 3.0.0.4

  • SSL Digestor, fixed a bug where NewConnection would not be called to indicate switch to intercepted SSL decrypted stream.

Version 3.0.0.5

  • SSL Digestor, fixed a regression where under certain conditions, SSL would be decrypted but not forwarded to DLL or COM framework.
  • SSL3 is now blocked by default, since LibreSSL doesn't support SSL3, this feature can be disabled by settings the custom flag "ssl3" to 1, in that case if the server supports SSL3, it will go directly without decrypting.

August/September/October

Version 2.3.6.0

  • LSP, Fixed the IPv6 DNS interception to work correctly with x64 applications.

Version 2.3.6.1

  • SSL Digestor, fixed false positives on certain type of cert validation.

Version 2.3.6.2

  • LSP, fix for the .net 4.5.1 tweak on Windows 8.1

Version 2.3.6.3

  • LSP, more tweaks for the .net fixes (this is a major update)
  • SSL Digestor, will add RC4 to the cipher list, if browser supports it on first request.

Version 2.3.6.4

  • Ability to always enable RC4 regardless of the browser using the custom flag: sslrc4
  • Classification services, improved integration (for enabled versions).

Version 2.3.6.5

  • Updated save function to support Windows XP in various languages.

Version 2.3.6.6

  • WFP, made output more unique per compilation.

Version 2.3.6.7

  • SSL Digestor, improvement with cipher management.
  • SSL Digestor, improvement of cert caching.
  • SSL Digestor, improvement of downgrade caching.
  • SSL Digestor, HTTP Connect, improved support.
  • HTTP Parser, fixed a situation where a reply would not be parsed correctly.
  • Removed strings that some AV didn't like.

Version 2.3.6.8

  • Stability, fixed possible crash under high load.
  • Performance, redirector will drop idle connections under high load (this can only be disabled in compile time).
  • Performance, number of threads can be limited with a custom flag: maxthreads.

Version 2.3.6.9

  • Number of memory improvements.

Version 2.3.6.10

  • Number of memory improvements.
  • WFP, Win8/8.1/10 will now intercept special type of sockets that were not intercepted before.

Version 2.3.6.11

  • Number of memory and stability improvements, this is a major update.

Version 2.3.6.12

  • Further improving memory usage and stability.

Version 2.3.6.13

  • Reverted some of the memory/sockets fix, until rewrite of sockets module is complete.

June/July

Version 2.3.5.0

  • LSP, fixed heuristic detection of LSP installation (non Komodia related) during the installation phase.

Version 2.3.5.1

  • OpenSSL, upgraded to version 1.0.2c
  • LSP, will process mixed DNS resolve of IPv6 and IPv4 and keep only the IPv4 records.
  • SSL Digestor, cipher list between browser and proxy updated, old list didn't affect security, as the connection was local.
  • Disabled CRT showing errors with a message box.

Version 2.3.5.2

  • Minor fixes

Version 2.3.5.3

  • OpenSSL, upgraded to version 1.0.2d

Version 2.3.5.4

  • Adjusted DNS fix for Filezilla.

Version 2.3.5.5

  • Adjusted .ini management to survive upgrade to Windows 10.
  • Watchdog management, secured one COM function that could be called without the protection settings.

Version 2.3.5.6

  • More adjustments to the Windows 10 upgrade .ini survival.

Version 2.3.5.7

  • Fixed a bug in Windows 10 traffic interception that was a regression inside the proxy exe from version 2.3.5.5

April-June

Version 2.3.4.0

  • General fixes.

Version 2.3.4.1

  • General fixes.

Version 2.3.4.2

  • LSP, Fixed crashes to number of 64bit applications crashing in on Windows 7 and above.

Version 2.3.4.3

Version 2.3.4.4

  • General fixes.

Version 2.3.4.5

  • Changed LSP exports

Version 2.3.4.6

  • SSL Digestor, maintenance update.

Version 2.3.4.7

  • HTTP Parser, defer return value at HTTPRequestBeforeReply/NewReply will now place the data for inspection for chunked transfer.

Version 2.3.4.8

  • Added support for VS2013.

Version 2.3.4.9

  • LSP, fixed a situation correct socket control flow would fail when application specified incorrect length at bind.
  • .Net 4.5.1., adjusted fix to work for all apps (even excluded ones).
  • DLL Framework, fixed a situation where DLLQueryData will be called before PCInitialize.

Version 2.3.4.10

  • Fixed bug when old .ini file would not load correctly, and/or not deleted correctly.

Version 2.3.4.11

  • WFP, added a fix which caused error number 2 (or other types of errors) after stopping and starting the WFP, or trying to reinstall the WFP (the bug occured with newer version WFP, from version 2.3.3.8 and if the SSL Digestor is present).

March

Version 2.3.3.0

  • HTTP Parser, modified to not adjust header when doing dhModify at NewReply (or HTTPRequestBeforeReceive) at the full reply stage.
  • Security fixes as published here: Security fixes.

Version 2.3.3.1

  • Fixed a bug where UDP traffic would be blocked by LSP, mildly affects version without service interception, strongly affects services with service interception.
  • Adjusted cipher list to allow legacy servers.
  • Fixed TLS/SSL fallback lookup.

Version 2.3.3.2

  • General fixes.

Version 2.3.3.3

  • General fixes.

Version 2.3.3.4

  • SSL Digestor, General fixes for Windows 8.1

Version 2.3.3.5

  • General fixes.

Version 2.3.3.6

  • Fix to 32 and 64 bit WD to allow SDK to use Windows function to add new root CA. (the WD can be taken and mixed with previous version SDK)

Version 2.3.3.7

  • General fixes.

Version 2.3.3.8

  • General fixes.

Version 2.3.3.9

  • OpenSSL, upgraded to version 1.0.2a

Version 2.3.3.10

  • HTTP Parser, added a fix for ignoring web sockets.
  • DNS Hijacker, fixed crashes in Chrome x64 under Windows 8.1
  • LSP, RegisterLSP will now prefer ws2_32.dll over sporder.dll for better install success rate.
  • LSP, removed legacy code that may cause crashes with IE, and also take extra memory.

Version 2.3.3.11

  • Added fix for websockets exclusion at HTTPRequestBeforeSend/NewRequest level.

January/February

  • Released 15th Feb 2015

Version 2.3.2.0

  • Tweaks for Anti AV module.

Version 2.3.2.1

  • Added ability to send logs to Komodia's server, using the syntax: PCProxy /UploadLogs

Version 2.3.2.2

  • OpenSSL, Upgraded to version 1.0.1l (outgoing TLS1.2 enabled).
  • WFP, tweaked WFP installer to wait after service start.

Version 2.3.2.3

  • Added the ability (at compile time) to block QUIC protocol from the LSP.

Version 2.3.2.4

  • Fixed detection of other Komodia's SDK.

Version 2.3.2.5

  • OpenSSL, Upgraded to version 1.0.2 (only for x32 builds, OpenSSL x64 doesn't compile and is still 1.0.1l).

Version 2.3.2.6

  • DLL Samples, adjusted the way the DLL handles NewConnection and context creation, this is important when using proxy interception and/or the WFP.

Version 2.3.2.7

  • SSL Digestor, will now delete certificate from the Windows store when uninstalling the service.

Version 2.3.2.8

  • Fixed memory leaks.
  • Fixed possible crash when encountering HTTP 100 continue.
  • Improved detection of other Komodia's SDK, the SDK will validate the integrity of the installed SDK, if it's in a bad state (because of partial uninstall, removal by 3rd party like AV software) it will not indicate the SDK exists.
  • If WD is protecting the INI file and DataController::Save was called internally or externally, the SDK will add itself as a trusted PID to the WD (if another app was trusted, it will no longer be trusted).

2014

November/December

  • Released 31th Dec 2014

Version 2.3.1.0

  • DNS Hijack, fixed domain exclusion with IE 11.

Version 2.3.1.1

  • Added the ability to downgrade a site or IP to SSL3 via the table dtSSLDowngrade.

Version 2.3.1.2

  • SSL Digestor, tweaked support for bad/good TLS hosts, now it favors the TLS name instead of IP.
  • SSL Digestor, will now bypass a domain if one of the URL requested client certificate, this behavior is enabled by default, and can be disabled by setting the custom variable ssldisablecc to 1.
  • COM framework, will now perform one redirect in case there was a COM error, flags to control the behavior:
    • comredirectoncealways - Set to 1 if you want to redirect even if set disconnect on error was 1.
    • comdisableredirect- Set to 1 if you want to disable COM redirect.

Version 2.3.1.3

  • SSL Digestor, fixed a possible crash when installing cert.
  • SSL Digestor, fixed a bug where only port 443 was assumed for proxy connection (HTTP Connect) that wasn't to port 443.

Version 2.3.1.4

  • Install process now sets the service recovery to one restart per one day, this only affects new installs, not updates.

Version 2.3.1.5

  • Speed tweaks for faster downloads.
  • Speed tweaks for less CPU usage.

September/October

  • Released 10th November.

Version 2.3.0.0

  • Improved support for global proxies, specially for ad injection.

Version 2.3.0.1

Version 2.3.0.2

Version 2.3.0.3

  • HTTP Parser, tweaked behavior to return "connection: close" when the data was modified and the original header had "connection: close".

Version 2.3.0.4

  • OpenSSL, upgraded to version 1.0.1j.

Version 2.3.0.5

  • LSP, fixed some issues regarding getting the rules on computer start.
  • LSP, fixed a possible crash on computer start.

Version 2.3.0.6

  • Tweaked COM start/stop locations for better stability.
  • Fixed a situation where the LSP gets corrupted flags from proxy.
  • Default values inside SSL exclude for apps and domains was moved to an internal list, this allows to change the inverse of domain and application SSL exclude without regards to the default exclusion which will be handled internally.
  • Watchdog fixes: Komodia's Watchdog bug fixes#Version_2.3.0.6.

Version 2.3.0.7

  • SSL Digestor, will check if the site certificate is using SHA256, if so, it will create the dummy certificate using SHA256.

May-August

Released 1st September 2014

Version 2.2.9.0

  • Minor tweaks.

Version 2.2.9.1

  • WFP will delete shadow table in case shadow table was saved inside a pre made .ini that is deployed on target machines.

Version 2.2.9.2

  • Upgraded OpenSSL to version 1.0.1h for the latest seven bug fixes they introduced on 5th June 2014.
  • Updated the command line parameters /IsOtherInstalled and /IsOtherDetails.
  • Fixed a situation where the service can't be stopped gracefully (this affects only SDKs that are used for ad injection).

Version 2.2.9.3

  • HTTP Parser, added missing HTTP verbs, and adjusted DELETE verb to act as POST verb (this affected Trello).

Version 2.2.9.4

  • WFP, fixed a rare condition in which a 3rd party app removed the WFP records on Windows 8. The proxy will now try to figure out the target IP from the traffic.

Version 2.2.9.5

  • WFP, fixed a bug that raised an error (sometimes) when uninstalling the WFP.
  • AV evasion module, fixed AntiVir detecting the proxy, it discovered an assembler code that was in an old virus and wrongly flagged the proxy.

Version 2.2.9.6

Version 2.2.9.7

  • Adjusted the update replace feature to work better on slow machines.

Version 2.2.9.8

  • Fixed a bug with HTTP Parser when changing response header via DLL.

Version 2.2.9.9

  • SSL Digestor, rewrite of the certificate installer for FireFox and Opera to process unicode usernames correctly, and to install certificate to new users while the is running (only after the Firefox was closed).

Version 2.2.9.10

  • OpenSSL, upgraded to version 1.0.1i
  • Anti AV module, added some tweaks to avoid detection.
  • AV tweak change that affects all version.
  • Important - Because of the AV tweak change, when upgrading the LSP, the RegisterLSP to use is the latest one as well, old versions will not be able to install the new LSP, new versions will be able to install previous versions.
  • Important - If using the RegisterLSP in DLL form, the software must upgrade to the latest RegisterLSP DLLs.

January-May/December(2013)

Release: 10th May 2014

Version 2.2.8.0

Version 2.2.8.1

  • Added new samples to use the new Ad Injection features.
  • Fixed a bug in the DLL Manager that will accept the return value dhrModifyBodySDKAdjustHeader from HTTPDataBeforeReceive from the DLL framework.
  • Added the ability to save data to file from the COM data container.
  • Added the ability to do string search and HTML search on the COM data container.

Version 2.2.8.2

  • Proxy will close idle connections from browsers, after a certain timeout, the more active connections there are, the less the timeout will be. For 500 connections the timeout is 15 seconds.
  • New feature: Komodia's Redirector new features#Version 2.2.8.2.

Version 2.2.8.3

  • Added Windows 8.1 detection.
  • SSL Digestor, added a workaround for a situation that a popular CDN cert is served incorrectly by the servers and not verified correctly by Windows 8.1 API.

Version 2.2.8.4

  • Added detection for latest SQL server library DLL.

Version 2.2.8.5

  • LSP, fix for a condition that WSPGetOverlappedResult would not behave correctly when there's a NULL event.
  • LSP, test fix for the "SetFileCompletionNotificationModes" LSP bug (that MS created) that affects SQL server connections mostly.

Version 2.2.8.6

  • SSL Digestor, IPs can be now used with the SSL exclude list.
  • SSL Digestor, the SSL Digestor can be disabled using the flag ssldisable.

Version 2.2.8.7

  • SSL Digestor, Fixed the disable mode for the Digestor and apps when a user proxy exists.

Version 2.2.8.8

  • Fixes for the SetFileCompletionNotificationModes bug fix for 64bit OS.

Version 2.2.8.9

  • Added number of development processes to Windows 7 exclusion list.
  • Adjusted the WD registry protection entries.

Version 2.2.8.10

  • WFP, fixed a bug where rules would not upload to the WFP correctly after removing entries from the interception rules.

Version 2.2.8.11

  • DNS module, fixed a bug with DNS interception and IE11.

Version 2.2.8.12

  • DNS module, additional fixes for DNS interception and IE10 on Windows 8.

Version 2.2.8.13

  • Added Hyper-V for Windows 8 to the Windows exclude list.

Version 2.2.8.14

  • HTTP Parser, can now handle bad replies from servers that contain the same header more then once.

Version 2.2.8.15

  • WFP, will provide original redirected process name in case of cascading proxies.
  • WFP, will apply rules to redirected traffic by other cascading proxies.
  • SSL Digestor, fixed proxy redirection that was set by DLL/COM framework.
  • SSL Digestor, added a path for Opera x64 root CA store.

Version 2.2.8.16

Version 2.2.8.17

  • Adjusted the dynamic FF cert installer, to only be active if there's a static FF already installed.

Version 2.2.8.18

  • LSP, will correctly detect NETWORK SERVICES under Vista and above.
  • LSP, fixed a bug that under some conditions IP never intercept list would not work.
  • DNS Hijack, fixed crashes on IE8 under Windows7.
  • SSL Digestor, cert cloning will now use original cert start date.
  • SSL Digestor, each cert that isn't used for 3 hours will be deleted from cache.

Version 2.2.8.19

  • SSL Digestor, fixed a regression bug which caused it not to work with WFP.
  • Other SDK detection command will only write details if the file detected actually exists.
  • Adjusted fix to the SetFileCompletionNotificationModes bypass.

Version 2.2.8.20

  • WFP installer, will now check if the service is in running mode, if it's not running it will try to start it and wait 20 seconds for it to start. If it's in pending start it will wait 20 seconds for it to become started. If service did not start within 20 seconds, WFP installer will exit with an error.
  • Proxy setting, fixed a bug which you couldn't remove a proxy using the COM Framework inside NewConnection.

Version 2.2.8.21

  • LSP Installer, fixed a rare bug on Vista that occurred when another LSP was present, a scenario option was chosen and NetBIOS have LSP entries.
  • Various tweaks

Version 2.2.8.22

  • Upgraded OpenSSL to latest version with the heartbleed fix.

Version 2.2.8.23

2013

September/October/November

Released: 29th November 2013

Version 2.2.7.0

  • Fixed a bug with LSP installer not writing the correct path.

Version 2.2.7.1

  • Added new software to the hard exclusion list inside the LSP.

Version 2.2.7.2

  • Added the ability to add a custom root CA to the load list for cases where a custom root CA is not loaded by the API (set the flag rootca to the location of the custom .pem file)

Version 2.2.7.3

  • Watchdog default rules will now detect if WFP and/or LSP are installed and add the relevant protection rules.
  • WFP Installer will not install/uninstall if Watchdog is active with rules.

Version 2.2.7.4

  • SSL Digestor, fixed a bug where SSL session would not be decrypted under high loads.

Version 2.2.7.5

  • HTTP Parser, fixed a bug that under certain condition deflate compression would not open fully.

Version 2.2.7.6

Version 2.2.7.7

  • Minor tweak to performance regarding GZIP inflate.

July/August

Version 2.2.6.0

  • Added new flag to HTTP Parser: dhrDontDoParentalAndModify

Version 2.2.6.1

Version 2.2.6.2

  • Fix to the WFP CIDR feature.

Version 2.2.6.3

  • Added support for HTTP verb "Search"

Version 2.2.6.4

  • SSL Digestor, upgraded to NSS 3.14.3.0 and NSPR 4.9.5.0

Version 2.2.6.5

  • SSL Digestor, treats explorer.exe to be like iexplore.exe, for Windows 8.1 Metro search.
  • TLSv1.2, fixed SNI detection.

Version 2.2.6.6

  • Increased timeout wait for /Replace install mode.
  • Proxy will try to terminate any running proxies during install/uninstall to avoid the possible creation of zombie services.
  • Fixed memory leak when using RequestBase64 from DataContainer COM object.

Version 2.2.6.7

  • Rollback in SSL Digestor NSS & NSPR to previous version because a bug in the package.

May/June

Released: 30th June 2013

Version 2.2.5.0

Fixes:

  • Fixed a bug that would cause bad parameter parsing while installing the service from a directory that contains the character "-".

Version 2.2.5.1

Fixes:

  • SSL Digestor, added support for multihomed certificates.
  • WFP, added a security counter measure against end user bypass.

Version 2.2.5.2

Fixes:

  • HTTP Parser, fixed a situation where the COM interface will receive data with POST in the information string.
  • WFP, added a functionality to exclude/include CIDR addresses (for example 192.168.0.0/16).

Version 2.2.5.3

Fixes:

  • WFP, will now load at networking safe mode.

Version 2.2.5.4

Fixes:

  • HTTP Parser, will not try to assemble "HEAD" request that came with content-size header.
  • SSL Digestor, will ignore NSS shutdown error.

Version 2.2.5.5

Fixes:

  • WFP, Changed behavior on Windows Vista/7 will not redirect traffic if rules are active but proxy is not running.
  • COM Framework, fixed a bug which affected base64 modification of traffic.

Version 2.2.5.6

Fixes:

  • LSP, fixed a bug where the LSP might crash in case SQL server dlls are loaded.
  • LSP, Added VS remote debugger to LSP exclude.

March/April

Released: 20th Apr 2013

Version 2.2.4.0

Fixes:

Version 2.2.4.1

Fixes:

Version 2.2.4.2

  • Fixed the method IsLSPInstalled on Vista and above to work after a fix that caused the SDK to bypass all LSPs.
  • Splitted the method IsLSPInstalled into two methods: IsLSPInstalled32 and IsLSPInstalled64, and fixed the detection of 64 bit LSPs from 32bit PCProxy.

Version 2.2.4.3

Version 2.2.4.4

  • Changes to WFP, can't be stopped with SC command.

Version 2.2.4.5

  • Fixed a bug that the IsInstalled and IsOtherInstalled command parameters were not detected correctly.
  • LSP will bypass itself on Vista and above if MSSQL DLLs are loaded.

January/February

Released: 10th Feb 2013

Version 2.2.3.0

Fixes:

Version 2.2.3.1

Fixes:

  • HTTP Parser, fixed a problem where content-length updates would update a field that contains it (for example old-content-length).

Version 2.2.3.2

Fixes:

  • RegisterLSP, fixed Windows 8 detection, this does not affect functionality, only writing the correct OS to the logs.
  • RegisterLSP, Added one more LSP configuration of Windows 8.
  • Fixed a bug with 64bit PCProxy version that would not save offline file to SysWOW64 directory.

Version 2.2.3.3

Fixes:

  • WFP (Windows 8), Kaspersky upgraded their product to full WFP, and the fix was to Komodia's WFP to work with theirs (for KAS Internet protection, not for KAS Pure which is still conflicting, but it's not supporting Windows 8, their new beta Pure is working with the SDK)

Version 2.2.3.4

Fixes:

  • Added AVG update service to hard exclude list.
  • Change to WD: Komodia's Watchdog bug fixes#Version 2.2.3.4.
  • PCProxy now detects network interface change and will reset internal DNS cache (which may be used by using the proxying feature).

2012

November/December

Version 2.2.2.0

Fixes:

  • HTTP Parser, fixed issues with modifying POST data.
  • DNS hijack, Windows 8 - adjusted the way it works for x64 and IE10.

Version 2.2.2.1

Fixes:

  • WFP, fixed data handling for invert flags and during install.
  • WFP, 127.0.0.1 is now hard excluded at the WFP code.

Version 2.2.2.2

Fixes:

  • Removed service event logging to the event manager, because there's no message translation DLL, it seems to annoy some people.
  • Changed the way threads wait for job, should reduce CPU footprint on slow machines.
  • OpenSSL, upgraded to version 1.0.1c
  • HTTP Parser, fixed a bug where GET would not be processed correctly.
  • WFP, Added a fix for compatibility with Avast on Windows 8 x64.
  • WFP, Added a fix for the Windows 8 cascading proxy mechanism.

Version 2.2.2.3

Fixes:

  • HTTP Parser, added a fix to the fix of 2.2.2.2
  • HTTP Parser, added a fix to a scenario where data would come on the same connection after POST, not according to the HTTP standard.
  • SSL Digestor, added Mozilla update server to SSL exclude list, so Firefox will be able to update itself.

Version 2.2.2.4

Fixes:

  • HTTP Parser, added a fix to POST from the fix of 2.2.2.3
  • HTTP Parser, added a specific POST fix to Opera.
  • LSP, fixed a problem with automatic exclusion of SpoolSv on certain configurations.

Version 2.2.2.5

Fixes:

  • WFP, Will delete driver after uninstall.
  • WFP, Will remove read only attributes to WFP file if exists before install so copy overwrite will be successful.
  • WFP, Improved WFP behavior with Avast.
  • SDK service install, new option to disable safe mode: Komodia's Redirector installation guide#NoSafeMode.

Version 2.2.2.6

Fixes:

  • LSP, Calls to get the base handle of the socket will be receive an error instead of the handle, this is to disable bypassing of the LSP.

Version 2.2.2.7

Fixes:

  • Added special mechanism to the SDK proxy so Avira LSP will not be loaded for the proxy, this is needed when they're using LSP on Windows 8.

Version 2.2.2.8

Fixes:

Version 2.2.2.9

Fixes:

  • HTTP Parser, fixed a situation where POST request would be either truncated, or sent partially.
  • WFP, adjusted the update process to shut down the WFP, replace the driver and restart the WFP.

September/October

Version 2.2.1.0

Fixes:

  • SSL Digestor, now works with proxy that are configured in the SDK.
  • Various fixes for memory leaks, and crashes that occurred in random.

Version 2.2.1.1

Fixes:

  • SSL Digestor, added a fix for post not handled correctly.
  • WFP, fixed the WFP timeout handling of IE.
  • Various fixes based on static code review.

Version 2.2.1.2

Fixes:

  • WFP, first version with Win8 support.

Version 2.2.1.3

Fixes:

  • SSL Digestor, upgraded to NSS 3.13.60 and NSPR 4.9.2.0
  • SSL Digestor, when using a proxy, module will try to use the host name in the connect request (if it's available via SNI).

Version 2.2.1.4

Fixes:

  • Improved previous fix for partial posts under FF.

Version 2.2.1.5

Fixes:

  • Fixed a bug where certain protocols would not work with WFP on Windows 8.

Version 2.2.1.6

Fixes:

  • Added __try to LSP_BLOCK code and Win32Thread.
  • Fixed a problem the CHTTPHeader would not report https:// URLs.
  • WSA methods used to set WFP sockets will now report correct error codes.
  • Fixed LSP to work with MS ISA Client.
  • RegisterLSP sporder.dll behaviour changed:
    • Will try to load from global path.
    • If failed, will try to load from user's temp.
    • If failed, will extract to user's temp and load.
    • If failed, will try get the method from ws2_32.sll.

Version 2.2.1.7

Fixes:

  • Fixed a problem that was created in version 2.2.1.6 in regards to hard exclude.

Version 2.2.1.8

Fixes:

  • Fixed a problem where a bad web server would terminate HTTP reply with \r\n\r (missing the last \n).

Version 2.2.1.9

Fixes:

  • SSL Digestor, Adjusted IE SSL wait timeout to be 10 seconds.
  • SSL Digestor, If SSL session was a "run away" and managed to get past the decryption process, the connection will be dropped and it will be written in the SDK log.

July / August

Version 2.2.0.0

Fixes:

  • Added a fix for bad sites that doesn't terminate with \r\n\r\n when sending 302 redirects.
  • Tweak memory handling when coming out of sleep.

Version 2.2.0.1

Fixes:

  • SSL Digestor, now intercepting TLS1.1 and TLS1.2

Version 2.2.0.2

Fixes:

  • SSL Digestor, increased timeout waiting for SSL handshake.
  • SSL Digestor, SNI exclude, changed domain detection to behave like wildcard (google.com would exclude gmail.google.com)

Version 2.2.0.3

Fixes:

  • SSL Digestor, SSL Exclude will also work with SSL Sessions that doesn't use SNI.

Version 2.2.0.4

Fixes:

  • SSL Digestor, upgraded to NSS 3.13.50 and NSPR 4.9.1.0

Version 2.2.0.5

Fixes:

Version 2.2.0.6

Fixes:

  • WFP, will close idle IE connections after 40 seconds.

Version 2.2.0.7

Fixes:

  • Fixed a problem that caused the SDK to crash after computer was brought back from sleep.

Version 2.2.0.8

Fixes:

  • SSL Digestor, fixed registry keys leaks.
  • SSL Digestor, adjusted timeout for Chrome, which caused problems with SSL interception.
  • ExtractHostFromTLS method was moved to its own .h file so clients can use it.

May/June

Release date: 2th July 2012

Version 2.1.9.0

Fixes:

  • WFP - Fixed a bug where hard include/exclude were not affecting WFP.

Version 2.1.9.1

Fixes:

  • Service install process adds PCProxy service to allowed safe run processes, so SDK can now run in safe mode.
  • Fixed a bug in the WFP that caused it to handle mail and SSH protocols incorrectly.

Version 2.1.9.2

Fixes:

  • Added no cache HTTP header to 302 HTTP Redirects.
  • Fixed a problem where multiple tabs in FF would stall.

Version 2.1.9.3

Fixes:

Version 2.1.9.4

Fixes:

  • Added a workaround for a bug with Microsoft components, .Net port sharing (part of WCF) on Windows 7 64 bit doesn't work when loading a LSP (any LSP), the workaround now allows the service to work, two important remarks:
    • The default state of this service is disabled so it's not so wide spread.
    • The fix only works with .Net 4, if the machine uses .Net 3, it must be upgraded to 4.
    • Restart of the computer or of the service (Net.TCP port sharing) will allow the settings to take place.

Version 2.1.9.5

Fixes:

  • SSL Digestor, added another error scenario to fallback to SSLv3.

Version 2.1.9.6

Fixes:

  • Adjusted the safe mode fix.

Version 2.1.9.7

Fixes:

Version 2.1.9.8

Fixes:

  • DNS hijack, fixed a bug where a connection that was not intercepted still used the hijacked DNS.
  • DNS hijack, IPv6 requests are intercepted and receive IPv4 replies (valid for anon mode only).
  • HTTP Parser, fixed a bug where dhModify flag would not work at HTTPRequestBeforeReceive with bServerCheck==true.

Version 2.1.9.9

Fixes:

  • Added OS detection for Win8.
  • Added WFP/LSP install advisor.

March/April

Release date: 3th May 2012

Version 2.1.8.0

Fixes:

  • Upgraded to OpenSSL 1.0.1
  • SSL Digestor - Added a workaround for outdated sites that don't know how to handle TLS, after the first attempt the module will fallback to SSLv3 connection, and will cache the IP and will use SSLv3 for all subsequent connections to that IP. Because the problematic server doesn't support TLS tickets, it will only host one SSL site on that IP.
  • SSL Digestor - Fixed a problem that a certificate with a long company name (not issuer name) would not be duplicated, if the duplication fails because of the company name the module will use the string "Empty" instead of the original company name.

Version 2.1.8.1

Fixes:

  • Fixed a problem with Panda that may crash the SDK.
  • New method added to the class CClientCustomizations, if you use it, make sure you copy that method (IsActive).

Version 2.1.8.2

Fixes:

  • HTTP Parser - Added support for: OPTIONS, PROPFIND, REPORT.
  • OpenSSL, patched version 1.0.1 with suggested fix that will not affect sites that doesn't support TLSv1.2
  • SSL Digestor - Changed prefix of certs that couldn't be verified to be shorter to avoid failure on long names.

Version 2.1.8.3

Fixes:

  • Added checks for application resource name to three check locations, to protect against process renames.

Version 2.1.8.4

Fixes:

  • Additional SSL Digestor compatibility fixes.
  • Changed HTTP Authentication to a different case, to support bad proxy servers.
  • Fixed CPU usage when SDK is on manual start.
  • Watchdog fix: Komodia's Watchdog bug fixes#Version_2.1.8.4.

Version 2.1.8.5

Fixes:

  • Upgraded to OpenSSL 1.0.1a

Version 2.1.8.6

Fixes:

  • SSL Digestor, Added support for Firefox Mobile, the SDK will install the cert once Firefox has exited.
  • SSL Digestor, Added Google Drive Sync to SSL exclude list.

Version 2.1.8.7

Fixes:

  • HTTP Parser - Tweaked support for: OPTIONS, PROPFIND, REPORT.
  • WFP - Fixed a crash in SDK when saving rules.

Februray

Release date: 28th Feb 2012

Version 2.1.7.0

Fixes:

  • DNS hijack, fixed a scenario where resolving an IP address would be DNS intercepted.
  • Added the ability to decode traffic before sending to socks5 server (socks5 will see encrypted data).
  • Fixed handling of event enumerations in LSP.
  • SSL Digestor will not try to install FF/Opera/Thunderbird certs if the program are opened when the Redirector is running, you need to make sure you close those programs during install, or reboot after installation.

Version 2.1.7.1

Fixes:

  • Fixed a bug in RegisterLSP when trying to use manual install.
  • WFP - After uninstall, and install all the current settings will update the WFP automatically.
  • WFP - After install, if there were any interception settings, they will be sent to the WFP automatically.
  • New feature: Komodia's Redirector new features#Version_2.1.7.1.

Version 2.1.7.2

Fixes:

  • DNS hijack - Added support for "trusteer rapport" with Chrome.
  • SSL Digestor - Upgraded NSS library to version 4.8.9 and NSPR library to version 3.13.1
  • HTTP Parser - Added support for PUT operations, and it is treated as POST.
  • HTTP Parser - If data was decoded (GZIP/Inflate/Chunk) the reply to the browser will be decoded regardless if the reply was modified or not, this is to save CPU time at the browser side.

Version 2.1.7.3

Fixes:

Version 2.1.7.4

Fixes:

Version 2.1.7.5

Fixes:

  • Added Logmein apps to hard exclude, Logmein doesn't allow to be SSL Digested.
  • DNS hijack - Fixed the bug that occurred when a link was clicked from an external app and IE would have opened (error message box).
  • Watchdog fix: Komodia's Watchdog bug fixes#Version_2.1.7.5.

January

Release date: 12th Jan 2012

Version 2.1.6.0

Fixes:

  • Added TM service to exclusion list.
  • Fixed handling of event enumerations in LSP.

Version 2.1.6.1

Fixes:

  • Changed two redirect commands from meta-equiv to HTTP 302 redirect.
  • Adjusted thread anticipation/deletion to be spread across time rather then in a spike, this to avoid spiking the CPU and drawing attention to the proxy.

Version 2.1.6.2

Fixes:

  • Tweaked the WOW loader fix so it will not affect the new star wars game loader.
  • Fixed a crash in WOW under Vista.

Version 2.1.6.3

Fixes:

  • Improved CPU performance for HTTP Parser, traded it off for memory, memory footprint may be 4mb larger.

Version 2.1.6.4

Fixes:

  • Reduced socket deletion timeout.
  • Fixed a bug in CHTTPHeader when setting a new URL.
  • Updated the shared code in the DLL samples.

2011

November

Release date: 30th Nov 2011

Version 2.1.5.0

Fixes:

  • Fixes a situation that the WFP would not work after uninstalling and installing it again.

Version 2.1.5.1

Fixes:

  • Adjusted the LSP to handle FF 7.0 new non standard behavior.
  • Fixed a race condition in SSL Digestor that may cause cert store to not load correctly.
  • Fixed a validation bug with SSL Digestor and Opera, in case the cert chain intermediate authority can't be validated, it will defer the check to MS Crypto.

Version 2.1.5.2

Fixes:

  • Adjusted the cache control to work around IE8 nonstandard behavior that may cause file download to hang.

Version 2.1.5.3

Fixes:

  • Tweaked the FF 7.0 fix.
  • Tweaked the IE8 cache fix.
  • Lowered LSP thread count.
  • Added SQL server to hard excluded apps.

Version 2.1.5.4

Fixes:

  • Added support for built in OpenSSL MT functions.

Version 2.1.5.5

Fixes:

  • Fixed a bug that may crash the Redirector with header processing methods, if you are using CHTTPHeader in the DLL, make sure you update it from the sample files.
  • Added a feature that WFP will not intercept services when Redirector is set not to intercept services.
  • Fixed a bug that may slow SSL Digestor on computers that are connected to a domain server.
  • Fixed a bug in the HTTP Parser that would sometime not process POST correctly with Opera.

September/October

Version 2.1.4.X

Release date: 31th Oct 2011

Version 2.1.4.0

Fixes:

  • Changed install order to accommodate Sophos LSP non compatibility.
  • RegisterLSP, cosmetic fix to some print outs.
  • Upgraded to OpenSSL 1.0.0e, x86 compiled using nasm for better performance.

Version 2.1.4.1

Fixes:

  • Since OpenSSL 1.0.0 and above doesn't support SSLv2, this option has been removed for added compatibility with existing SSLv3 sites.

Version 2.1.4.2

Fixes:

  • Fixed a bug with UDP module global IPs not to intercept.
  • Improved HTTP pipeline memory foot print.

Version 2.1.4.3

Fixes:

  • Fixed a missing \n for partial posts.

Version 2.1.4.4

Fixes:

Version 2.1.4.5

Fixes:

  • HTTP Parser, fixed a situation where the reply will not be processed if the server sent more data then it should.

Version 2.1.4.6

Fixes:

  • HTTP Digestor, fixed a bug when incoming cert had generalized time.
  • HTTP Digestor, fixed a bug regarding disconnects.

Version 2.1.4.7

Fixes:

  • Reverted a fix under 2.1.4.1 that caused www.gmail.com to not work. SSLv2 sites are not supported anymore for the SSL Digestor.
  • Fixed a situation under Windows 7 that the FF master cert file would not load.

Version 2.1.4.8

Fixes:

  • SSL Digestor, various fixes regarding connecting behind a proxy not set inside the SDK.

Version 2.1.4.9

Fixes:

  • SSL Digestor, fixed number of bugs relating to working with a proxy defined at the browser level.
  • Fixed a bug where OpenSSL would crash when exiting.
  • Fixed a collision with "FF TMG" by Microsoft.

August

Version 2.1.3.X

Release date: 31th Aug 2011

Version 2.1.3.1

Fixes:

  • SSL Digestor, fixed a problem that can affect performance.
  • SSL Digestor, fixed a problem that would cause a crash under certain conditions.
  • LSP, fixed a problem with the 64bit version, problem that might affect certain applications.
  • HTTP Parser, fixed a bug that caused a crash when sending a HTTP request to a non HTTP server.

Version 2.1.3.2

Fixes:

  • SSL Digestor, fix for Windows 7 SP1, now root certs can be downloaded on the fly from Microsoft.

Version 2.1.3.3

Fixes:

Version 2.1.3.4

Fixes:

  • RegisterLSP, fixed a problem with 64bit version and LSP reorder that would fail.
  • RegisterLSP, fixed a problem with reporting success when there was a partial failure.
  • RegisterLSP, fixed LSP exclusion.
  • RegisterLSP, LSP deletion by name is no longer case sensitive

Version 2.1.3.5

Fixes:

  • Performance fix, the SDK creates 50 threads on stand by.

Version 2.1.3.6

Fixes:

  • HTTP Proxy, tweaked a recent fix for Internet Explorer 9 and Chrome 12

Version 2.1.3.7

Fixes:

  • Added support for Opera 12 HTTP pipeline.

July

Version 2.1.2.X

Release date: 27th July 2011

Version 2.1.2.0

Fixes:

Version 2.1.2.1

Fixes:

  • Tweaked sockets buffer size for increase performance.

Version 2.1.2.2

Fixes:

  • Adjusted LSP internals for possible improvement.
  • Fixed a bug in the LSP that sometimes occurred on Win7 for applications that binded their socket when connecting out.
  • Cache control, adjusted for better compatibility.

Version 2.1.2.3

Version 2.1.2.4

  • Fixes to HTTP Parser that would not change data properly inside HTTPRequestBeforeReceive, when sending dhModify and modifying only the body.

Version 2.1.2.5

  • Fixed a bug (that exists in the default LSP Sample) that caused Safari 5.1 and iTunes 10.5 to hang with high CPU usage.
  • Fixed a bug (that exists in the default LSP Sample) that caused WOW 4.2 to sometimes hang.

Version 2.1.2.6

  • Added a workaround for a bug that occurred when a software uses inet_ntoa not according to standard.
  • SSL Digestor adjusted for the new Safari 5.1 Webkit change.
  • Fixes to the Watchdog: Komodia's Watchdog bug fixes#Version_2.1.2.6.

June

Version 2.1.1.X

Release date: 30th June 2011

Version 2.1.1.0

Fixes:

Version 2.1.1.1

Fixes:

  • Fixed a bug with the HTTP parser that would not build data correctly under certain conditions when using the flag hrNothing.
  • Fixed a bug with the header parser API, now the header can process data from old servers that use \n\n instead of \r\n\r\n.

Version 2.1.1.2

Fixes:

  • Fixed a problem with Bind for Java on Windows7 that was introduced in version 2.1.0.5

Version 2.1.1.3

Fixes:

  • Fixed a crash that would occur when using the built in header filter and HTTP parser module.

Version 2.1.1.4

Fixes:

  • Fixed a problem with the WFP that conflicted with the SSL Digestor.

Version 2.1.1.5

Fixes:

  • Fixed a problem with OpenSSL compatibility that caused outdated servers to not work with the SSL Digestor using the SSL_OP_NO_TICKET flag which disables TLS ticket extension.

Version 2.1.1.6

Fixes:

  • Fixed a bug with TLS detection with the SSL Digestor.
  • Added support for TLS SNI.

Version 2.1.1.7

Fixes:

  • Upgraded SSL Digestor Mozilla libraries to: NSPR 4.8.8.0, NSS 3.12.10.0 (make sure to use new NSS DLLs from the main package folder)
  • Adjusted behavior with the /NoStop flag, it now tells the SCM it will not accept stop messages, also it will not ignore shutdown messages.
  • Fixes to watchdog: Komodia's Watchdog bug fixes#Version_2.1.1.7

Version 2.1.1.8

Fixes:

  • WFP, changed dependency and load group, which fixed a situation it would not load after a reboot.

Version 2.1.1.9

Fixes:

  • Advanced Redirector, fixed bad ports number of accept notification.
  • Advanced Redirector, fixed a situation where accept close connection would not reach the DLL.

May

Version 2.1.0.5

Release date: 23/5/2011

Fixes:

  • Updated the sample Komodia's Redirector DLL framework guide#PCProxyDLL_-_Redirect_host_or_url to work with the new Chrome11 and IE9 connections scheme.
  • Added new C++ traffic handling sample Komodia's Redirector API Guide#Traffic_handling_samples.
  • Improved speed for LAN communication (this is another fix, different then the one in previous version).
  • Fixed a bug with storing string in the COM interface.
  • Updated the behaviour for: Komodia's Redirector COM framework guide#RequestString and Komodia's Redirector COM framework guide#RequestString64.
  • Adjusted the HTTP proxy redirection to work with the new IE9 and Chrome11 connection scheme.
  • Adjusted customization class CClientCustomizations to have the ability to store data.
  • Socket bind are now using SO_REUSEADDR, this to solve a situation when the service was terminated (not stopped), and the sockets can't bind because the OS didn't release the old sockets.
  • Advanced Redirector, fixed a condition that an incoming connection would not be intercepted correctly.
  • Fixed a problem where the service might automatically start by the LSP when the SDK is compiled with the manual start flag.
  • Added the flag SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to the SSL Digestor, this allows to work with misconfigured SSL servers.
  • Fixed a problem on 64bit OS with LSP debug logging for troubleshooting.
  • Fixed a problem with the HTTP parser and POST, when the payload was larger then 16k, the POST would no go through.
  • Fixed a problem with the HTTP parser and POST, when hrSkip would not be correctly handled.
  • Fixed a problem with the HTTP parser when HTTP requests larger then 8k, the reply would not be processed.
  • DNS Hijacker, fixed a problem where under certain conditions localhost resolve would be intercepted by the module.
  • SSL Digestor, added support for iTunes.
  • Increased stack size from 128k to 256k.

Version 2.1.0.4

Release date: 3/5/2011

Fixes:

  • Features added: Komodia's Redirector new features#Version_2.1.0.4.
  • Fixes to watchdog: Komodia's Watchdog bug fixes#Version_2.1.0.4.
  • Fixed a situation where BroadcastChange would crash an application that loaded and then unloaded Winsock.
  • Lowered thread stack reserve size from the default of 1mb to 128k, this should lower memory footprint and allow for creation of more threads.
  • Adjusted socket buffers when redirecting traffic into the LAN, for increased speed.
  • DNS Hijack, fixed a problem that would cause applications to crash on Win7 64bit.

April

Version 2.1.0.3

Release date: 4/4/2011

Fixes:

  • Features added: Komodia's Redirector new features#Version_2.1.0.3.
  • Fixed a situation where clearing proxy with DNS hijacker will cause traffic to fail.
  • Added process name to the logging to aid with debugging.
  • Fixed a situation when an application that was excluded will not be included incase its name was different then the resource name.
  • Advanced Redirector, UDP proxy will not send broadcast packets to the proxy.
  • Advanced Redirector, UDP proxy now supports per app proxy.
  • Fixed a situation where an update of the Redirector using the /Service flag would cause the service to delete itself after reboot.
  • Fixed a situation where a cert could not be created with using the SSL digestor and the state field was empty.
  • When service is being stopped it will first enter stop_pending mode while shutting down.
  • CreateSSH would now exit when a service is being stopped.
  • SSL Digestor can now work on traffic that is relayed to HTTP Connect proxy.
  • SSL Digestor cert installer DLL load path is now the location of the service.
  • SSH module CreateSSHTunnel returns 255 when a timeout occurs (previous version returned 1 and it wasn't possible to know if the error was an error or a timeout).
  • Fixed a situation in the LSP where under certain rare conditions the socket would enter a limbo state that may affect the using application in terms that the socket would error when using WSAAsyncSelect.
  • Proxy control with DLL/COM modified to work better with HTTP proxies.
  • SSH module fixed a bug that exists in the original plink where a port forward connection would close when there is still data available to be sent.
  • SSH module fixed a bug that occurred when a key re-exchange occurred.

February

Version 2.1.0.2

Release date: Test version

Fixes:

  • Watchdog stability issues fixed.

Version 2.1.0.1

Release date: Test version

Fixes:

  • Removed the VistaInfo32 and VistaInfo64 DLLs.
  • Advanced Redirector: Fixed UDP proxy authentication and general bugs with UDP redirection.
  • Changed more functions from DataController to require authentication for retail version.
  • Features added: Komodia's Redirector new features#Version_2.1.0.1.

Version 2.1.0.0

Release date: 2/2/2011

Fixes:

January

Version 2.0.0.7

Release date: Was sent to number of clients only

Fixes:

  • Fixed a bug where data would come after session was terminated by the user inside DataBeforeReceive.
  • SSL Digestor: fixed a bug that under certain conditions would crash the SDK.
  • Fix for missing username inside DLL manager.
  • Various stability fixes for WD that would cause BSOD.
  • HTTP Parser: fixed a bug that prevented IE6 from seing replaced data under certain conditions.
  • Fixed a bug that was caused by a change in version 2.0.0.3 that would cause WOW to crash on Vista and above.
  • Fixed a bug that would prevent applications that are using ConnectEx to be intercepted or blocked.

2010

December

Version 2.0.0.6

Release date: 29th Dec 2010

Fixes:

  • Finalizing fixes of previous version.
  • SSL Digestor: fixed a bug that under certain condittions caused IE cert to installed incorrectly.
  • WD fixes: Komodia's Watchdog bug fixes#Version_2.0.0.6.
  • Socket redesign affects SDK overall speed.

Version 2.0.0.5

Release date: Was sent to number of clients only

Fixes:

  • Upgraded to OpenSSL 1.0c
  • Various fixed TBD on WD.
  • Revised default WD rules that might have caused undesirable effect.
  • Reduced socket cleaning timeout.
  • Redesigned socket communication module.
  • Internal monitor for hangs.
  • Redesigned shut down process.
  • Fixed a bug where the LSP would stop intercepting following a specific change in malice by the user.
  • Fixed a bug with HTTP Parser to correctly handle hrReturnHTMLAndHeader.
  • Proxy password now preserves case.
  • New features: Komodia's Redirector new features#Version_2.0.0.5.

November

Version 2.0.0.4

Release date: 26th November 2010

Fixes:

Version 2.0.0.3

Release date: 21th November 2010

Fixes:

  • LSP Bind problem on Vista and above.

Version 2.0.0.2

Release date: 18th November 2010

Fixes:

  • Fixed an problem that might crash the LSP installer on Vista and above.

Version 2.0.0.1

Release date: 11th November 2010

Fixes:

Version 2.0.0.0

Release date: 7th Nov 2010

Fixes:

  • RegisterLSP and PCProxy - Resource extract now use Unicode to get the directories.

October

DLL framework

Some maintenance on the framework and various bug fixes to solve uploads and downloads issue when using the framework.

Stability

Fixed a bug that under certain conditions when the client app would close unexpectedly the Redirector service would crash.

HTTP Parser

Added a work around for a non standard response by a server that looks like Apache.

September

Microsoft ISA server

Fixed a bug that caused browsers to not work with Microsoft ISA server.

Compatability

  • Added the ability to work with Kaspersky Saferun feature on 32bit and 64bit.
  • Added compatability with Dr. Web Anti-Virus.

SSL Digestor

Now replicates the cert version based on the source cert and not V1 constantly.

Process iteration

Process iteration now takes much less CPU then before.

Fast WAN or LAN

Fixed a bug that when downloading a file around 2Mbyte/sec or larger Redirector would start to take memory and CPU.

Firefox 4

New version of Firefox 4 disables loading any LSPs. We added a patch to our LSPs to bypass this "disable feature".

Memory use

Fixed a bug that occured when downloading a big file and memory would go up (1mb per 50mb of download) and then go down when the file download has finished.

August

Stability

  • Fixed a bug that might have causes crashes.
  • Fixed a bug that under certain conditions would leak resources and may lead to lost of network after running for a long period of time.
  • Fixed a bug that caused memory corruption (this applies to binary versions only).

Performance

  • Faster code to handle GZip compressions.
  • Now using latest Zlib library compiled using Assembler.

July

SSL Digestor

  • Fixed a bug with certs on new Firefox version (3.6.x).
  • Fixed a bug with new Safari version (5.x).

64bit

Offline file now saved correctly

Internal crashes

Incase of a crash, the Redirector will restart itself.

Socks4

Fixed a connection problem.

June

Cygwin

Cygwin based app would not connect when intercepted, this is fixed.

May

Post processing in HTTP Parser

Fixed a bug that caused high CPU when uploading a file via post (Gmail mostly).

April

Incoming TCP

Fixed a bug where incoming TCP was always intercepted.

Crashes

  • Fixed a crash that occured when a custom DLL was present.
  • Fixed that the DLL received events on a session after it recevied a close event.

VB console

Fixed a bug that the console didn't display/set the correct inverse flags for incoming TCP.

March

SSL Digestor

Fixed two issues:

  1. Alternative subject name is now copied from the original certificate.
  2. Expire date is copied from the original certificate, if it expired, the user will get an expire certificate warning.

CIDR

Fixed the LSP CIDR IP range detection.

February

Block all but

Fixed a bug where changing interception mode to "all but" and adding an item to the list, the item would still be intercepted.

January

Komodia's DNS Hijacker

Fixed a bug which caused browsers to fail surfing when Redirector was shutdown.

HTTP Parser

Fixed a bug that the module would not detect when a page ends correctly under certain conditions when server replies using HTTP/1.0

2009

December

Applications exit times

There would sometimes be a five seconds delay to some applications when exiting, this delay has been fixed, now there's no delay.

DLL framework

Fixed a situation where received data notification would come after the socket close notification arrived.

Komodia's DNS Hijacker

Overall improvement for Windows7 and fixed a bug which disabled the ability to log into Gmail from Firefox on Windows7.

Proxy control

Fixed a bug that caused browsing to stop when a browser had a proxy set and the Redirector tried to redirect via a HTTP proxy or HTTP Connect proxy.

SSL Digestor

  • Added exception to LogMeIn website.
  • Dropbox.exe must be added to the excluded application in order for it to work.

Stability and leaks

Fixed some memory leaks, and a possible stability issue.

November

DNS Interception

Fixed a bug which made some applications to hang on startup.

Delayed startup

Fixed a bug that caused Internet Explorer 64bit to not load when using a standard user.

Vista/7 WSPSelect

Fixed a bug that caused the application to lose networking when there was a mixture of dual usage of IPv4 and IPv6.