Release 1.0 - March 17 2005

first release of ufdbGuard.
Version 1.0 does 28,000 verifications/sec.


Release 1.1 - May 2 2005

ufdbGuard now also supports databases that are based upon URLs.
So now it supports
1) basic domain names (e.g. www.google.com)
2) full URLs          (e.g. www.africaonline.com/news/index.htm)  (NEW)
ufdbGenTable has an extra option (-u) to support this.

ufdbGuard has a test mode that logs which URLs can be blocked but always
sends a 'this URL is allowed' message to squid so nothing is blocked to
users in test mode.  Use the -T option.

The release procedure had a flaw to include a binary executable in the source
distribution.  The executable is not included any more.

ufdbGenTable assumed in 1.0 that all input files had lowercase domains/urls.
Now it converts the input to lowercase to catch mistakes in the input files.

There was still a dependency on db.h in sg.y and sgDiv.c that was removed.

Fix a bug in sg.y where 1 byte memory was malloced too short for a string
(this bug is from squidguard 1.2.0 sg.y line 965)

Fix a bug where ufdbGuard crashed on URLs that are longer than 512 bytes.

Always log 
1) the number of requests that were processed
2) the CPU times used to initialize and process all requests.

Include the test directory in the release.
This also prevents an error in the configure script.

Fix buffer overflow error for input lines.
Fix NULL pointer error in SgLogRequest().

Support to build squidGuard and ufdbGuard from the same source has been dropped.

Fix bug in URL parser where the port number was not stripped from the URL,
i.e. chat.terra.com.br:3876/xxx was not categorised as "chat".


Release 1.2  -  July 24 2005

various optimisations in parseLine()

The log file is rotated when the size exceeds 512 MB.
A maximum of 10 log files are used.

version 1.1 always logged the REDIRECTs in the log file.
In version 1.2 the default is not to log them.
Implemented -r option to log REDIRECTs.

Encryption of tables implemented.
All tools use the 1.2 table format that has encrypted data (the header is plain text).

Compression of databases using bzip2 is implemented.

Fix old-style perl in ufdbGuard.cgi

The performance is now about 25,000 URL verifications/sec.


Release 1.3  - September 21 2005

Use larger I/O buffer to increase speed of generating a .ufdb table
ufdbGenTable has new -q option to suppress warnings

Make code of ufdbguard thread-safe.

A new multithreaded ufdbguardd daemon is born.
The daemon has only one copy of the database in memory and 
16-64 worker threads.
To perform a URL verification using the ufdbguardd daemon, the
new lightweight program ufdbgclient can be used by squid as a 
lightweight redirector.

Warning: the ufdbguardd has a default number of 16 URL verification threads.
Use the -w option to increase the number of threads.
!!! Do *not* use more redirectors in squid than threads in the daemon.

An API has been developed to use ufdbGuard code linked with 
3rd party software (see src/api/apitest.c).

fixed memory leak at reload of config file.

Support processor affinity for the multithreaded daemon on Linux with
a line like "cpus 2,3" in the configuration file.
This enhances CPU cache efficiency and is recommended on all
real multi-CPU machines.  Do not use it on a single hyperthreaded CPU.


Release 1.4  - November 29 2005

new functionality:
re-introduced support for usernames and userlist in ACLs

fixes:
fixed database reload on receive of HUP signal for Linux 2.6
and other OSes.

fix for URL conversion: unicode characters < 0x20 and > 0x7f
are not manipulated.  So in arabic countries regular expressions
like google.*q=%d8%b3 can be used.

fixed small memory leak for users with time-constranied ACLs

removed compiler warnings on Solaris 9

ufdbUpdate always works with valid username and password.


Release 1.5  - December 7 2005

fixes for the installation procedure: 
install ufdbGuard.conf in correct directory (specified with --with-ufdb-config)
preserve old user-configuration values in ufdbUpdate
/etc/init.d/ufdb is updated with proper PATH for ufdbguardd binary

Use send and receive timeouts on all socket communications (4 seconds)
to prevent occasional hangs.


Release 1.6  - December 29 2005

ufdbguardd: queueing of file descriptors for worker threads re-implemented.
improved socket error handling for ufdbguardd and ufdbgclient.
improved socket I/O timeouts.


Release 1.7  - January 9 2006

Use ufdbguardd.pid file with main PID to send signals to
minor URL parsing change: substitute any // inside a URL by /


Release 1.8  - January 24 2006

new -A option for ufdbguardd to analyse uncategorised URLs.
Fix: stop all threads when 1 thread receives a fatal signal.
Fix: extra dot at end of domainname caused incorrect lookup results.
Fix: latin-1 characters in domain name lookups (i.e. dreimderlhaus.at lookup is OK)
Fix: hard-coded directory in config file caused 'make test' to fail if not used
in /local/src/ufdbGuard-1.x.
Fix: clear messages in log file when test mode is used.
make install failed if . is not in the PATH


Release 1.9  - September 12 2006

Fix: rare message overflow in log function.
Fix: better support for linux 2.2 and 2.4
Fix: use ufdbguardd.pid in ufdbUpdate
Enhancement: some fatal errors are also logged with syslog()
Enhancement: new "administrator" keyword for inclusion in error message
Enhancement: do not include hostnames without domainname in uncategorised URLs
Enhancement: analyse-uncategorised-urls is ON by default
Enhancement: sockets are closed with a 2 second linger
Enhancement: the API is extended for categorisation of URLs


Release 1.10  -  22 November 2006

Fix: API test complained about not finding the toolbars database
Fix: redirection URL can be prefixed with "302:" for backward compatibility with squidGuard.
API change: to support proxy tunnel detection the API of UFDBstripURL() has been changed (see API HOWTO)
Enhancement: NEW feature: proxy tunnels can be detected and blocked


Release 1.11  -  4 December 2006

Fix: new autoconf configuration for increased independency on platforms and better prereq checks


Release 1.12  -  20 September 2007

Fix: detected proxies were not blocked
Fix: configure script checks for existence of wget
Enhancement: increase security with options enforce-https-with-hostname and enforce-https-offical-certificate
Enhancement: support ACLs based on unix groups
Enhancement: keep log of blocked URLs (use "logblock on" in the config file).
Enhancement: keep log of all URLs (use "logall on" in the config file).
Enhancement: new option safe-search to enforce SafeSearch/AdultFilter features of search engines.
Enhancement: also check port 563 for proxy tunnels
Enhancement: check validity of dbhome parameter
Enhancement: check for existence of a redirection statement
Enhancement: logfile rotates when USR1 signal is received.
Enhancement: ufdbGenTable warns for www. prefix
Enhancement: ufdbUpdate has new -v option for initial testing with more feedback
Enhancement: ufdbUpdate starts ufdbguardd if it is not running 
Enhancement: support urlgroup in Squid 2.6
Enhancement: redirector URL accepts color and size attributes


Release 1.13  -  26 September 2007

Fix: use mutex for older glibc libraries which have regexec which is not thread-safe
Fix: use CRYPTO lock functions for SSL verifier
Enhancement: use faster UNIX communication socket instead of IP socket when available.


Release 1.14  -  28 November 2007

Fix: 1 multithreading performance issue solved
Fix: various small errors in FreeBSD and Solaris 9 & 10 ports
Fix: SafeSearch for ask.com did not work always
Fix: SafeSearch for video search on Yahoo did not work 
Fix: if squid and ufdbguardd are run with different user ids, communication with ufdbguardd fails when UNIX sockets are used
Fix: 2 multithreading issues in the HTTPS/SSL verification threads
Fix: core dump when userlist is empty
Fix: blocked websites using https get a proper error message instead of "The requested URL could not be retrieved"
Enhancement: added new http daemon to serve redirection messages
Enhancement: added new program to analyse a Squid log file and report usage of URL categories
Enhancement: added Excite and dogpile.co.uk to list of SafeSearch search engines
Enhancement: added new -U option to switch to another user ID (eliminates use of "su")
Port: now also runs on Solaris 9, Solaris 10 and FreeBSD 6.2


Release 1.14b   -  30 November 2007

Fix: unintended SafeSearch for Ebay led to strange errors
Fix: regular expression matching for URLs with ? did not work

