Release Notes

Current FUSION build: 8.306
Current OS release: 10.1-RELEASE-p29

Build Release Notes

Fix bug causing display issues in the default portal for mobile devices.
Fix bug causing exception for some web-service-based PMS interfaces.
Fix bug where the RADIUS server did not correctly include an Account’s group in the Class attribute of an Access-Accept response.
Update FreeBSD to latest patch level 10.1-RELEASE-p29 to address non-critical security vulnerabilities, including OpenSSL
Add the ability to configure whether or not a new VLAN Tag Assignment inherits the static attribute of an existing shared VLAN. The previous behavior was to always inherit the static setting of an existing VTA when assigning the same VLAN to a shared device.
Fix bug that caused the Ethernet Interfaces scaffold to not display correctly after restoring a backup to a system with a different set of network interfaces.Fix bug where the Admin used to initiate a backup restore can change during the restore process because of differences in the old and new databases, sometimes causing the Admin to be logged out, or locked out of the Ethernet Interfaces scaffold when a physical interface change is detected. The same Admin login must still exist in both databases to successfully complete a restore.
Update NTP server to address recent security vulnerabilities.
Fix bug in the factory reset process that could require the operator to have to manually restart the web server.
Automatically copy existing custom portal mobile-format view and layout files (.mobile.erb) to their tablet equivalent (.tablet.erb).
Upgrade web server application framework to Ruby on Rails to address the following security vulnerabilities: CVE-2015-7576, CVE-2016-0751, CVE-2015-7577, CVE-2016-0752, CVE-2016-0753, CVE-2015-7581.
Remove the “Debug Popup” link when the web server is in development mode and replace it with a footer containing more useful debugging information.
Add the ability to have “tablet” specific views and layouts in custom portals in addition to the existing “mobile” format. A tablet-specific view or layout will be rendered by devices classified as “tablets” (e.g., Apple iPad, Amazon Kindle, Samsung Galaxy Tab).
Improve the performance of the web admin console.
Update the BIND DNS server to the latest patch version 9.10.3-P3 to address security issues described in CVE-2015-8704 and CVE-2015-8705, and a regression in authoritative server selection.
Fix bug that could cause graph data loss on certain systems under heavy load.
Update FreeBSD to latest patch level 10.1-RELEASE-p27 to address minor security and stability issues.
Fix memory leak in the SNMP server.
Randomly generate the default SNMP community string.
Upgrade ISC DHCP server to latest version 4.3.3-P1 to address
security vulnerability CVE-2015-8605.
Fix bug that allowed an Admin with read-only permission to batch destroy a record in some scaffolds.
Add a “System Info” scaffold containing useful hardware and other information to the Instruments->System page of the web admin console.
The conference tool now correctly limits Switch Port VLAN configuration changes to only the related Infrastructure Device (switch).
Prevent configuring more local autoincrement network subnets than the licensed Transit IPs limit.
Fix bug causing a fatal PF error when there are many network addresses configured with large autoincrement values.
The Transaction (transactions) model/table/scaffold has been renamed to MerchantTransaction (merchant_transactions). Typical source code in existing custom emails and portals is updated automatically during the upgrade process. This change affects RESTful API consumers relying on the transactions resource.
Fix bug that caused the rules for a Remote DPI Signature or Content Filter Blacklist to be removed after it was downloaded.
Fix rare bug that could cause the build upgrade process to fail.
Fix bug that caused a fatal exception in the portal when trying to authenticate via a Shared Credential Group from a device in a Group that lacked a configured Policy and/or Splash Portal.
Fix bug affecting SMB server operation.
Add new “automatic login fallback” checkbox option to the PMS Servers scaffold that controls whether or not the system looks for an existing Account via the portal’s desired automatic login behavior (MAC and/or cookie) when one for a PMS guest/room does not already exist.
Fix bug where configured Remote DPI Signatures and Content Filter Blacklists were not downloaded immediately after restoring a backup to a clean system.
Add a “count_only” parameter to the RESTful API index action that returns only a count of the number of records in the given scaffold resource instead of the actual records.
Update the BIND DNS server to the latest patch version 9.10.3-P2 to address security issues described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and CVE-2015-8461
Fix bug that caused an Account to be missing from the “Daily Data Usage By Account” report when said Account had been used after the desired time range.
Update FreeBSD to latest patch level 10.1-RELEASE-p25 to fix multiple security vulnerabilities in OpenSSL: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196.
Shift4 Merchant gateways are no longer supported.
Include a ‘’ variable in the kernel_states table, containing a comma-delimited list of CAM devices as a way to retrieve the list of disk drives programmatically via API.
Various SOAP webservice improvements.
Backend automatic login now will not automatically re-login an end-user to a previously-used Shared Credential Group that is not configured in her current effective Splash Portal (i.e., IP Group and Policy).
Upgrade the web caching proxy with stability improvements.
Retry sending commands to a Ruckus ZoneDirector or SmartZone device up to three times when its CLI connection count is exceeded.
Fix bug that broke use of the First Data offsite payments gateway.
Update HTTP user agent OS and browser identification database. Update IEEE OUI (MAC address) vendor lookup database. Update IANA port service lookup database.
A device belonging to a Link Control Policy that currently has no online/connected Uplinks available will no longer fallback to using the default, highest-priority Uplink.
Add dmidecode CLI tool to report information about the system’s hardware as described in its system BIOS according to the SMBIOS/DMI standard.
Fix Fatal Exception error on the System->Certificates page of the web admin console.
Upgrade the web caching proxy including numerous stability improvements.
Add a debug mode option to the IPsec Server configuration scaffold for increasing logging verbosity when debugging connection problems.
Add Xirrus as an available Infrastructure Device option, which enables sending a “clear authentication” command to an AP for the purpose of changing an end-user device’s VLAN assignment.
Conferences now utilize Access Points configured in an associated Infrastructure Area. The SSID for a conference will only be configured on the desired Access Points. This requires a WLAN group configuration in a Zone Director that matches the name of the conference WLAN. Those WLAN groups should contain the conference WLANs as well as any other WLAN that should be present on the given APs, such as a Guest WiFi WLAN.
Update FreeBSD to latest patch level 10.1-RELEASE-p24 to fix rare stability issues.
Fix bug that affected PMS room/guest lookup behavior for certain webservice-based PMS interfaces.
An HP switch Infrastructure Device now properly cycles a port having a MAC address associated with a VLAN ID that has changed because of dynamic per-Account configuration.Automatically delete related switch ports and access points when removing an Infrastructure Device.
Upgrade the PostgreSQL object-relational database system to version 9.4.5, including stability fixes.
Improve the display of time durations throughout the web admin console and default portal.
Update ruby payment gateway library, improving stability of and adding support for additional direct and offsite merchants.
Update HTTP User Agent database. Update IEEE and IANA databases for MAC address vendor and port service lookup.
Improve web server error pages.
Configuring a new Infrastructure Device now automatically builds out the appropriate IP Group, Policy, and RADIUS Server Option configuration to permit it access to the RADIUS server.
Update NTP server to address recent security vulnerabilities.
Fix issue where the web server could restart too frequently when running in development mode in a production environment for too long.
Fix bug that caused a fatal error when accessing the System->Backup page of the web admin console after creating a Routine Backup with the number of local backups set to zero.
Fix bug causing instances of error “PG::TRDeadlockDetected: ERROR: deadlock detected”.
Fix rare bug that caused the system default route to be incorrect when an Uplink configured for DHCP could not communicate with a DHCP server.
Fix rare bug that broke DNS server functionality after an improper shutdown.
Fix bug that affected the conference tool’s ability to automatically configure ports on an HP switch via telnet.
Add PMS Server interface support for the HTNG Property Web Services Single Guest Itinerary Message Specification (HTNG2008B and HTNG2008BExt).
Fix bug that created a new create/update Admin Write Log entry for invalid records.
New default portal. Single responsive design that works for mobile and non-mobile browsers. Mobile framework still supported. Menu and login forms dynamically generated based on configuration. Changing logo and slideshow images will result in a portal that meets most operators needs.
Add support for the AES 256 encryption algorithm in IPsec specification configuration. The existing AES option defaults to 128 bit.
Inbound packet forwarding policies now support the ability to optionally configure a specific original uplink destination address to forward on, allowing the operator to override the old behavior, which acted upon all non-BiNAT uplink IPs.
Fix bug where especially-large remote DPI signatures could overflow the /usr filesystem on systems with smaller than average disk drives.
Fix bug that caused the built-in NTP server to fail as a time source for
external clients when all uplinks are offline.
Fix bug that broke the Innsist PMS Server interface.
Fix bug that broke the Network dashboard graph for cluster deployments with atypical Cluster Node record names.
Add the ability to include related objects in RESTful API responses.
Include an artificial pms_room_id attribute in the XML/JSON/YAML responses to the pms_guests API resource for backwards compatibility with old API consumers. A PMS guest may now belong to multiple rooms, so the included pms_room_id refers to the room that was first created.
Fix bug causing a cluster node to be incorrectly marked as a zombie RADIUS server for an indefinite period of time.
Fix bug causing a “Request Failed” error when manually creating many Accounts and AR Transactions at the same time via the Identities page of the web admin console.
Add timestamps to the RADIUS server log file.
Upgrade the web caching proxy including numerous stability improvements.
The default idle timeout configured in the active Network Option is now enforced upon IP Sessions (managed local IP addresses) that lack a corresponding Login Session and are behind a Landing Portal configured with an unlimited idle timeout. Fixes an issue where the IP Sessions table can bloat indefinitely when there are many unique managed IPs that are not required to login, but belong to a Group/Policy with no idle timeout.
Update the BIND DNS server to the latest patch version 9.10.2-P4
to address security vulnerabilities CVE-2015-5722 and CVE-2015-5986.
Add support for the Infor PMS Generic Inquiry and Posting Interface.
Update FreeBSD to latest patch level 10.1-RELEASE-p19 to address
potential security vulnerabilities, including CVE-2015-5675.
Enable resizing the categories select list in the Content Filters, Remote
Content Filter Blacklists, and Remote DPI Signatures scaffolds.
Fix bug that caused a fatal error when viewing the RADIUS server log via
the web admin console.
Fix bug that prevented including numbers in a Custom Portal’s controller name.
Update FreeBSD to latest patch level 10.1-RELEASE-p18 to address
potential security vulnerability.
Fix bug that prevented associating a new Admin Role with a list of scaffold
exceptions via API.
Fix bug that broke WYSIWYG editing of conference tool portal modifications.
Add keepalive behavior to the Marriott PMS interface.
Truncate a DHCP client’s identifier (uid) to 255 characters when
instrumenting leases. Fixes rare bug causing error: “DBD::Pg::db
pg_putcopyend failed: ERROR: value too long for type character varying(255)
CONTEXT: COPY dhcp_leases, line 1, column uid”.
Update HTTP User Agent database. Update IEEE and IANA databases for MAC
address vendor and port service lookup.
Add the ability to configure an IPsec Tunnel with a domain name as the
remote gateway.
Add a new health notice type for DHCP server DoS detection warnings.
Improve PMS Guest duplicate account ID detection. Fixes issue that causes
confusion when looking at an Account’s guest relation when a PMS interface
does not correctly implement unique IDs for each guest (e.g., RoomKey’s
Comtrol UHLL interface).
Fix Mail Queue Entry instrumentation when there are multiple recipients.
Fix bug that broke searching in the PMS Rooms and PMS Guests scaffolds.
In the FIAS PMS interface, do not respond to a Link Alive (LA) record with
a Database Resync (DR) request unless it is the first LA record received
after the initial connection.
Upgrade the web caching proxy including numerous stability improvements.
Update FreeBSD to latest patch level 10.1-RELEASE-p17 to address numerous
non-critical security vulnerabilities.
Add the ability to configure a limit on the number of unique VLAN IDs that
are assigned to a single RADIUS Called-Station-Id MAC address (e.g., an
access point). This facilitates the deployment of a large number of VLANs
throughout a WiFi network even when the hardware VLAN ID limit of a single
access point (e.g., 32) could otherwise be exceeded in high density areas.RADIUS Accounting should be enabled on the WLAN NAS for optimal control.
RADIUS Server Accounting Logs are now created for requests that do not have
an associated Account (e.g., when using “MAC auth” for dynamic VLANs).
Add new “Log Hits Trigger” feature to detect malicious behavior from
end-user devices against the FUSION’s HTTP(S) and SSH services. The trigger
enforces a configurable maximum number of HTTP(S) requests to the web
portal and/or admin console, or failed SSH authentication attempts, within
a configurable window of time.Max Connections and DPI Triggers may now be configured with a MAC Group as
the Transient Group Membership target.

The RADIUS server now recognizes if a MAC address associated with a request
is a member of a MAC Group via Transient Group Membership. This enables all
event trigger types to change a device’s effective RADIUS Policy, and thus
VLAN assignment or lack-thereof.

All Triggers may now be configured to optionally flush a device’s packet
states, DHCP leases, ARP entries, and/or VLAN assignments when
transitioning to/from a Transient Group Membership. Previously, only packet
states were always flushed by default.

Add the ability to block access to the internal HTTP(S) server from the LAN
and/or WAN independently via an Admin ACL.Add the ability to block access to the internal DNS server from the LAN by
setting the active DNS Server Option’s visibility to blank.
Fix bug where log file pagination within Archives->Logs of the web admin
console could display an unusable number of pages for large log files.
Update the BIND DNS server to 9.10.2-P3 to address critical security
vulnerability CVE-2015-5477.
Fix bug that prevented Application Filters from correctly blocking packets.
Improve how quickly the web server responds with the Error 503 “RESTARTING
SERVER” page after a web server restart is initiated.
Update FreeBSD to latest patch level 10.1-RELEASE-p15 to address a security
and stability issue in the TCP stack that could cause resource exhaustion
due to sessions stuck in the LAST_ACK state under very rare circumstances.
Upgrade the RADIUS server including numerous stability improvements.
Fix bug that introduced duplicate attribute elements in XML/JSON responses
to API resources.
Fix bug that prevented listing all Admin objects via the admins scaffold
API resource.
Improve PMS interface behavior to better support situations where a single
guest entity in the PMS is checked into more than one room at the same
time. If per-Guest Account sharing is enabled, guests with multiple rooms
who purchase usage and create an Account for one room now correctly reuse
that Account when signing in with the other room number.Fix bug where per-Room Account sharing allowed the same logical PMS Guest
with different PMS Rooms to use the same Account.

Add per-Guest as a Dynamic VLAN assignment option, enabling the grouping of
devices into a single VLAN for each logical PMS Guest name instead of by
PMS Room number.

Update IEEE and IANA databases for MAC address vendor and port service lookup.
Custom Email substitution objects are now available as local ruby variables
within ERB context. For example: “<%= device_option.domain_name %>” is now
equivalent to “%device_option.domain_name%”.
Update FreeBSD to latest patch level 10.1-RELEASE-p14 to fix numerous
rare stability issues.
Fix bug that caused new Routine Backups to occur more frequently than
Fix bug causing intermittent invalid PMS room inquiry responses for some
Marriott portals.
Upgrade the web caching proxy including numerous stability improvements.
Fix bug that broke PMS Guest match behavior from restricting the list of
available Usage Plans in the default captive portal.
Fix bug that caused a Comtrol PMS room inquiry to return invalid room even
when the room was valid.
Fix issue that caused the XML response to the pms_rooms RESTful API list
action to be unnecessarily large.
Prevent multiple build upgrades from running at the same time when the
device_options/upgrade_build API resource is hit again during an existing
upgrade process, which can break the upgrade.
Update the BIND DNS server to 9.10.2-P2 to address security vulnerability
Fix bug causing “fatal error in packet filter configuration” and “illegal
tos value 0x00” errors on systems with multiple Uplinks.
Fix bug where configuring a manual “domain-name-servers” DHCP option would
not always override the usual list of servers comprised of the local
interface address and configured DNS Servers.
Fix bug that broke the use of web proxy services (content filter, cache,
and/or rewrite) when using multiple Uplinks having a configured span
greater than one (i.e., multiple usable public IPs).
Exclude RADIUS Server Accounting Logs from backups when including historical
user activity is not desired.
SSL Certificate Signing Requests, Certificate Authorities, and self-signed
certificates are now signed with an SHA-256 hash instead of SHA-1. Local
Certificate Authorities now employ a 2048-bit key length.
Add support for recurring Usage Plans to charge against a PMS Server.Add the ability to configure a finite expiration period for recurring Usage
Plans (e.g., stop billing after 12 months), which previously would recur
indefinitely until the Account was switched to a different plan.
To facilitate the creation of a Cluster Controller, the Cluster Nodes
scaffold is now accessible via the System->Cluster page of the web admin
console on a standalone device.
Fix bug that broke the manage devices page of the default portal.
Fix bug that prevented configuring a VLAN as an Uplink.
Record the DHCP “Parameter Request List” option 55 in leases instrumentation and archives. Make the dhcp-parameter-request-list option available in a DHCP Match Rule.
Upgrade web server application framework to Ruby on Rails 3.2.22 to address the following security vulnerabilities: CVE-2015-3227, CVE-2015-1840, CVE-2015-3225. Various scaffold UI performance improvements and bug fixes.
Upgrade the PostgreSQL object-relational database system to version 9.4.4, including stability fixes.
Update FreeBSD to latest patch level 10.1-RELEASE-p12 to fix multiple security vulnerabilities in OpenSSL: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000.
Fix bug that prevented instrumentation of a DHCP lease’s “agent circuit ID”
and “agent remote ID” fields.
Updating the system build of a Cluster Controller now automatically
upgrades the nodes in parallel. Updating a node of a cluster directly is no
longer supported, except for OS updates.
Fix bug where throughput and traffic rate dialogs computed 1 kb/s as 1024 b/s
instead of 1000.Improve display of byte and packet rates to be more readable throughout the
web admin console.
Fix bug where the configured time of a Routine Backup could be gradually
skewed away from the desired hour/minute/second.
Fix bug where interface transfer rate was not reported correctly for PPPoE
Uplinks in the throughput dialog and Interface Rates scaffold.
Improve database purger performance.
Add the ability to configure whether a Usage Plan’s name or description is
sent as the “description” field to a PMS Server. The previous behavior was
always the plan’s name.
Correctly utilize the “payment” field as the guest’s “no post” flag in the
Marriott PMS interface.
Greatly reduce the amount of time it takes to backup and restore systems
with very large databases.
Add Ruckus RuckOS as an available Infrastructure Device type to support
SmartCell Gateway (SCG) WLAN controllers.
Update and fix issues with the SIP proxy server.
Upgrade the PostgreSQL object-relational database system to version 9.4.4,
including stability fixes.
Fix bug that broke direct DNS requests to Uplink DNS servers from a device
having a BiNAT assignment (e.g., DNS requests to a secondary server that is
not the FUSION).
Add new API resource actions to admin/scaffolds/device_options for dealing
with system build and operating system upgrade automation.
Automatically logging in a previously-authenticated Shared Credential
Group, RADIUS Realm, or LDAP Domain device will now logout the device’s
previous session. Fixes issue where more than one session could exist for
the same MAC address when non-Account based automatic login is employed.
Upgrade the PostgreSQL object-relational database system to version 9.4.2,
including security and stability fixes.
Add a total utilization summary field to the Token scaffold’s show option.
Fix bug that caused incorrect revenue values to appear in some reports.
Add the following additional fields to DHCP Leases instrumentation and
archives: shared network, agent circuit ID, agent remote ID, user class,
and vendor class identifier.
Fix bug causing erroneous “nightly database vacuum failed” error.
Fix bug that caused the portal to hang when a Device was added to an
Account that exceeded the max number of BiNATs the Account should support.
Fix bug that prevented configuring the same switch port for more than one
Infrastructure Device.
Fix rare condition with the Comtrol PMS interface where we received data
for a room that was not the room requested as part of a room inquiry.
Add new API resource actions.admin/scaffolds/pms_servers/find_matching_guests: Find matching PMS Guest
records for a given name and room.

admin/scaffolds/pms_servers/post_charge: Post a charge to PMS Guest’s folio.

admin/scaffolds/*/execute: Execute an arbitrary class or instance method
against the scaffold’s model.

OEM customization now supports overriding the support and licenses URLs
used when clicking on various Health Notices.
Fix issue where the operating system’s password database could become corrupt
or missing after an improper shutdown.
Fix bug causing a backend exception when a static BiNAT configuration
existed for a local network that no longer existed.
Add the ability to configure the logic operator (AND/OR) for Usage Plans
configured with more than one PMS Guest Match.
OEM customization now supports overriding the favicon.ico of the web admin
Stop creating NAT assignments for end-user device IPs on Uplinks the device
is not assigned to.
Add Account, MAC, and hostname fields to the Uplink Assignments instruments
Fix bug that caused issues with NAT for configurations with multiple Uplinks.Fix bug that caused backend exception “Can’t use an undefined value as an
ARRAY reference at …” after deleting an existing Uplink configuration.
When restoring a backup from a system with a different set of ethernet
interface types (i.e., port names), ensure the operator selects appropriate
physical ports for the existing interface configurations when clicking the
“COMMIT CHANGES” button. Fixes issue where the operator could be locked out
of the system if the restored configuration was not correctly mapped to the
new set of ethernet ports.
Re-organize and add additional help to locate the MAC address of a device
on the manage devices view of the default portal.
Fix bug that broke WAN Target whitelists for Admin ACLs that restricted SSH
and/or web access on the WAN.
Fix issue causing “the working directory is not writable” error to appear
in the console.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Fix bug causing error: “DBD::Pg::db pg_putcopyend failed: ERROR: numeric
field overflow DETAIL: A field with precision 4, scale 2 must round to an
absolute value less than 10^2.”
Improve security of the DNS server (BIND).
Add the ability to dynamically assign Bidirectional NATs (BiNATs) to
devices in desired Groups/Policies via a new configuration scaffold named
“Dynamic BiNAT Pools”.All Devices of an Account are NATed to the same public IP as the first
Device with a dynamic BiNAT assignment. This allows the Account’s desired
BiNAT Device to behave similar to a typical residential gateway’s “DMZ”

Accounts and Usage Plans now have a “max BiNATs” configuration parameter to
limit the number of Devices in a given Account that may be assigned a
BiNAT. Devices now have a BiNAT checkbox configuration, which permits the
Device to be assigned a BiNAT from an appropriate Dynamic BiNAT Pool. This
checkbox may be set by the operator via the Account and Device scaffolds,
or by the end-user as a “Public IP” or “DMZ” checkbox in the manage devices
view of the portal application.

Add a new “NAT” view under “Instruments” of the web admin console.
Includes a new “NAT Assignments” scaffold indicating which device IPs are
NATed or BiNATed to which public IPs. Also includes new “NAT Pool Stats”
and “BiNAT Pool Stats” scaffolds indicating NAT and BiNAT assignment usage
for each Uplink and Dynamic BiNAT Pool.

Fix bug that could cause some systems to hang during reboot after OS
patches were installed. Requires updating to latest kernel patch level first.Fix issue that caused system shutdown to take longer than it should.
Upgrade ruby to version 2.1.6 to address a security vulnerability.Upgrade the samba SMB server to address a security vulnerability.

Upgrade the SNMP server with numerous bug fixes.

Upgrade the RADIUS server including numerous stability and performance

Upgrade the web caching proxy including numerous stability and performance

Update the root SSL certificates.

Add a “description” column to the PMS Transactions table, which records the
name of the purchased Usage Plan, such that behavior is consistent with
Merchant Transactions.
Fix bug causing erroneous error ‘infrastructure device “…” flush MAC
command returned error 1: invalid script arguments’ when an Infrastructure
Device (e.g., ZoneDirector) experienced a connectivity problem. The error
now indicates an appropriate connectivity problem, which may happen when
the device (e.g., ZoneDirector) is rebooted while processing a VLAN Tag
Assignment flush request.
Fix bug where the nightly database maintenance routines were run at an
incorrect time if the configured time zone was changed without rebooting
the system.
Fix issue possibly causing reduced RADIUS server performance during the
overnight database maintenance window.
Add a ruby OAuth library to facilitate custom portal login integration w/
Facebook, Twitter, LinkedIn, etc.
Install a symlink to the root SSL certificate bundle where third-party
applications expect it to be. Facilitates development of custom portals
that integrate with external HTTPS services.
Alleviate rare issue where the web server would return a Fatal Error 500
when unable to connect to the database.
Fix possible issue with the SNMP server periodically not responding on some
Fix bug that prevented configuring a VLAN as an Uplink.
The RADIUS server now responds to accounting packets even when the request
does not match a valid Account of a configured RADIUS Server Realm.
Automatically strip leading and trailing whitespace when configuring RADIUS
server attributes.
Add default RADIUS server attributes for VLAN assignment, and default DHCP
option 43 custom options for Ruckus discovery.
Fix scaffold RESTful API actions to return all record attributes when
accessed via JSON or YAML.
Update FreeBSD to latest patch level 10.1-RELEASE-p9 to address
the following non-critical security vulnerabilities: CVE-2015-2923,
CVE-2014-9297, CVE-2015-1798, CVE-2015-1799, CVE-2015-1415,
Improve the reliability of flushing an end-user device’s MAC from a WLAN
Infrastructure Device after logging in when per-Account dynamic VLANs are
configured.Add a “portal login at” field to the Login Sessions table that records the
time when an end-user’s device loads the login success page after the
spinning please wait animation.
Update the RESTful API SDK with examples that demonstrate changes to policy
enforcement and usage plan pricing.
Add ‘dynamic-bootp-lease-length’ as an available DHCP Option.
Fix bug affecting RADIUS server functionality on cluster controllers
running FreeBSD 10.1.
BOOTP requests are now correctly recorded as DHCP Messages.
Add the ability to redeem a coupon as part of the quick purchase sign-up
process. The quick purchase form requires coupon_code HTML input.
Fix bug that prevented peforming an OS upgrade for someone with certain
special characters in the support credential password.
Fix bug that could cause false-positive critical IP health notices such as
“detected potential problem(s) pertaining to critical host(s)”.
Add the ability to configure the DHCP server to ignore BOOTP requests.
Include an ‘rxg_build’ variable in the kernel_states table as a way to
retrieve the current software build programmatically via API.
Update Facebook login code to the latest JavaScript API release.
Prevent configuring a Landing Portal with a post-login redirect URL when
the affected Policies perform per-room/account VLAN assignment. This is to
ensure the end-user receives the message from the portal about having to
reconnect her WiFi after logging in.
Prevent configuring BGP and RIP routing simultaneously. Listening for routes
from both protocols is not supported.
Fix rare bug causing a portal failure exception of “Validation failed:
Device MAC has already been taken”.
Decrease likelihood of erroneous error “filesystem partition “/usr” is over
85% utilization”.
Fix bug where active Accounts with expired and/or no usage would get
automatically logged in and stuck at the please wait page without the ability
to purchase more usage.
Add the ability to configure if an HTTP Virtual Host is HTTPS capable or
not. Previously this was controlled by configuring a local server port of
443 or 8443.
Fix rare bug causing Custom Portal asset precompile errors when critical
directories were removed from a portal on the filesystem.
Update the base operating system to FreeBSD 10.1.In addition to many security, stability, and performance related
improvements across the board, noteworthy changes include:

The packet filtering (pf) firewall now supports fine-grain locking and
better utilization on multi-CPU machines, resulting in significant
improvements in packet forwarding performance.

OpenSSL has been updated to version 1.0.1l, containing numerous security
improvements. The HTTPS web admin console and captive portal now support
TLS v1.2 and TLS v1.1 for better encryption in all browsers.

Updated ethernet drivers for better performance and stability, including
support for newer Intel chipsets.

Add support for the new Intel on-CPU Bull Mountain random number generator
found on IvyBridge and later CPUs.

Upgrade the PostgreSQL object-relational database system to version 9.4.0,
including significant performance improvements that benefit the entire

Upgrade the ISC DHCP server to version 4.3.2, including numerous stability

Upgrade the ISC BIND DNS server to version 9.10.2, including numerous
stability and security improvements.

Upgrade the squid web caching proxy to version 3.4.12, including numerous
stability and performance improvements.

Upgrade the FreeRADIUS RADIUS server to version 3.0.7, including numerous
stability improvements. RADIUS server performance has been significantly
improved under heavy load when handling many simultaneous requests.

Upgrade the samba SMB server to version 4.1.16, including numerous
stability and performance improvements. The integrated SMB file server now
supports the SMB 3.0 protocol for better performance and interoperability
with newer operating systems such as Windows 8.1 and OS X Yosemite.

Upgrade ruby to version 2.1.5p273 for increased web admin console and
captive portal security, stability, and performance. The web server now
loads (starts/restarts) much faster.

Upgrade perl to version 5.18.4.

Upgrade python to version 2.7.9.

Upgrade other various third-party software packages to their latest stable
versions for increased performance, security, and stability.

Add the nano text editor to the CLI environment.

Add the rsync tool to the CLI environment.

Add the git and subversion SCM tools to the CLI environment.

Many improvements to the FUSION and OS upgrade process. Remote software
packages are now compressed more efficiently.

Requires explicitly performing an OS upgrade on existing installations.

Fix rare bug causing errors such as: ‘DBD::Pg::st execute failed: ERROR:
value “268545632037” is out of range for type integer at …’.
Add a Devices scaffold to the Identities->Individuals page of the web admin
console. Facilitates searching for Accounts and Devices by MAC address.
Add the ability to configure a PMS Guest Match against a guest’s room number.
Fix bug causing a success message to be displayed to the end-user when an
offsite merchant payment was not verified with the merchant. An appropriate
error message is now displayed.
Content Filtering performance improvements.
Fix bug causing erroneous blips in aggregate graphs, particularly in
cluster deployments.
Add the ability to authenticate and authorize Administrators via the
TACACS+ protocol, thereby allowing centralized TACACS+ database users to
access the web admin console without having to configure them locally. The
desired Administrative Role may be statically configured or authorized
dynamically by the TACACS+ server via the use of a custom authorization
Fix bug where a cluster node enforced the maximum number of identities from
the node’s license and not the controller, which is always lower, resulting
in premature “Not licensed for more than … stored identities” errors.
Fix bug where computing the number of minutes left in a PMS Guest’s stay
did not take Daylight Saving Time changes into account. This prevented some
plans from being displayed in the portal for some guests under certain
deployment configurations.
Fix bug that prevented configuring HTTP Virtual Hosts for “.global” domains.
Fix rare bug causing “mail sender error: No recipient!” errors when
attempting to send an email notification to Admins because the backend
cannot connect to its database (e.g., a cluster node is not able to
communicate with the controller).
Colorize the output of ls and grep commands in the SSH terminal.
Fix bug that prevented configuring Device Options with “.global” domain
Fix bug causing rare error: “DBD::Pg::st execute failed: ERROR: could not
open relation with OID …”.
Prevent restoring a backup from a system with a newer database schema
version to a system with an older version. Fixes issue where restoring a
backup taken from a system running a newer build than the system being
restored can cause fatal errors in the web admin console.
Allow span to consume entire usable space of a public WAN address. This
accommodates the case where a public block is routed to an FUSION through its
primary WAN address, then used for NAT/BiNAT.
Prevent configuring an Uplink VLAN on the same physical interface as a LAN
port, which could cause a fatal packet filter error.
Fix bug that caused a 5 second delay when sending an email.
Fix behavior where searching for a MAC in the footer of the web admin
console should pre-populate the Device field with the MAC when clicking on
Create New within the Accounts scaffold.
Fix bug where a Custom Portal with a controller name containing a number
could be configured, yielding a broken portal.
Add secret question/answer logic to the quick purchase charge portal action.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Add the ability to block SSH and/or web traffic terminating at the FUSION via
Admin ACLs.
OEM customization ability now requires a unique license.
A DHCP Uplink now sends an appropriate “host-name” and
“dhcp-client-identifier (uid)” attribute when requesting a lease, which can
improve interoperability with some DHCP servers.
Fix bug causing error ‘DBD::Pg::db pg_putcopyend failed: ERROR: value
“4294967348” is out of range for type integer CONTEXT: COPY pf_connection_logs’.
Add close button to the HTML Injection “virtual frames” recipe.
Fix issue where the nightly database maintenance routine could cause
excessive CPU consumption on busy cluster controllers.
Ignore DHCP utilization health notices for shared networks and pools
smaller than 14 maximum hosts (i.e., smaller than a /28).
Prevent configuring a HTTP Virtual Host record that conflicts with the FUSION’s’s
Fix bug where trying to initiate an upgrade via the web admin console after
a failed attempt (e.g., invalid credentials) would fail and display a blank
upgrade log unless it was at least 5 minutes after the first attempt.
Add CLI script that automates the installation of VMware Tools.
Fix rare bug where a DHCP Uplink’s IP could change, among other undesirable
behavior, when reconnecting its physical interface.
Ensure the web server backend restarts when its version changes. Fixes rare
issue causing SSL connection errors.
Fix bug causing a fatal error when running the “Utilization Summary” report
under some configurations.
Fix bug where the system clock may have become out of sync with upstream NTP
servers after an Uplink’s IP changed.
Fix bug that caused RIP to not announce routes properly.
Add NAS-Port-Type to the set of configurable RADIUS Attribute Patterns.
Improve performance when sorting and searching some Archive scaffolds by
time in the web admin console.
Fix bug causing fatal portal exception “Validation failed: Expiration must
be left blank if never is checked” when an end-user switches between a plan
having unlimited usage lifetime to a plan with finite usage lifetime.
Add the ability to batch edit the Bill date in the Accounts scaffold.
Update NTP server to address recent security vulnerabilities.
Add the ability to configure the service code sent to a Innsist PMS Server.
The Report “Past Time” configuration is now relative to the current time
instead of the beginning of the current day.
Fix bug causing intermittent SSL connection errors for some browsers under
certain conditions.
The Splash Portal remote URL, Landing Portal remote and redirect URL, and
Interstitial Redirect URL may now exceed 255 characters.
Fix bug where clicking on Show in the Interface Rates scaffold could result
in a Request Failed error.
Fix bug where an Account Group’s Policy was mislabeled as “active” in the
Policy diagram after searching for an IP/MAC belonging to an Account that
is not logged in.
Fix bug that could prevent deleting an Account having a Device and VLAN Tag
Assignment for the same MAC address.
The Comtrol UHLL PMS Server interface implementation now supports sending
the two-way, interactive posting message “POS Post Request (61)” in
addition to the previous behavior of sending a one-way, non-interactive
“Post (38)” message. This allows the PMS to reject charge postings for
various reasons even when a guest’s “inhibit” (no post) flag is unchecked
in their folio, such as a guest not having sufficient available balance.
Configurable via a new checkbox in the PMS Servers UI scaffold.
Fix issue affecting NTP time synchronization reliability.
Add the ability to configure Custom DHCP Option Spaces, enabling the DHCP
server to issue DHCP Option 43 to Ruckus APs.
Upgrade web server application framework to Ruby on Rails 3.2.21.
PMS Server duplicate transaction detection now operates against
webservice-based PMS interfaces (i.e., RG Nets FUSION API, Innsist).
PortalController#quick_purchase_charge now creates a SurveyResult if
necessary when logging in an existing Account.
Fix bug that caused Accounts not associated with a PMS Guest to be
overwritten by the PMS guest signup process.
The Innsist and RG Nets FUSION PMS webservice clients now include the currency
code configured in the end-user’s Usage Plan when posting a charge to a PMS
Fix incorrect media speed detection for some 10G network interfaces.
Change the default search filter from one month to three months for various
Archive UI scaffolds.
Improve NTP server reliability.
Fix bug that prevented configuring an Application and/or WAN Target specific
Bandwidth Queue that was faster than the non-specific queue.
Update HTTP User Agent database. Update MAC address vendor lookup table with
latest IEEE OUI listing.
Fix bug where a Usage Plan’s lifetime or expiration would not be applied to
an Account with no expiration set.
Add mail and content filter logs to the Archives->Logs page in the web admin
Improvements to RADIUS Server Realm proxying behavior. Realm selection for
the purposes of proxying RADIUS authentication requests is now consistent
with normal, non-proxy authentication requests. Previously a realm was
selected for proxying only if a matching Account was found, and did not
consider configured RADIUS Attribute Patterns or MAC Groups. Proxying also
now supports appending dynamic attributes to the reply.
Fix bug causing a fatal error when running the “Utilization Summary” report
under some configurations.
Fix issue where sometimes a device not behind a captive portal is
temporarily assigned to th wrong Uplink, which can persist incorrectly for
connection states that last a long time (e.g., VoIP sessions).
Update the bash shell to the latest version to address concern over the
“Shellshock” vulnerability. Note that the FUSION platform was never vulnerable
to Shellshock and other similar exploits because bash is not utilized for
anything other than the Admin SSH environment. Attempting to sneak
maliscious code into environment variables and execute it via the web server
or other services is not and never was possible.
Add the ability to disable sending database resync request messages to
Comtrol UHLL PMS Servers.
Fix bug that caused portal failure health notice: “undefined method `to_sym'”
when a device was added through the manage devices page and the specified
MAC address could not be added to the account.
Improve security of the SSL web server:Disable SSLv3 to address “POODLE” vunlerability (CVE-2014-3566).

Disable TLS 1.0 compression to further address “CRIME” vulnerability (CVE-2012-4929).

SSLv2 is now explicitly disabled in addition to the previous behavior of not
allowing any SSLv2 supported ciphers.

Disable additional weak ciphers and prefer modern ciphers and protocols to
facilitate using the best possible encryption in all browsers.

Add the ability to configure a Database Purger for MAC Group members (“macs”
table). MAC Group members are purged only if the MAC address has not been
seen on the network and the record has not been updated within the
configured time.
Add the ability to configure a Database Purger for graphing data (RRDs).
Backend performance improvements.
Fix bug that broke Triggers when used in conjunction with Account sharing
Bandwidth Queues.
The list of available time zones in Device Options is now more
user-friendly, including and sorted by the GMT offset.
Remove restriction on Infrastructure Device IP address having to fall within
a LAN network or static route.
Network I/O performance enhancements. Requires reboot to take full effect.
AR Transactions are now automatically deleted along with an Account.
Add support for utilizing ruby MS SQL client library for custom portal
integration with third-party database servers.
Add the ability to configure an IP Group and/or MAC Group in a Quota Trigger.
Fix bug where graphs could be sized incorrectly when zooming into the web
admin console with a browser.
Fix issue that broke IPsec functionality when thousands of VLANs were
Fix bug that negatively affected backend login times for some deployments.
Add NAS-Identifier, NAS-IP-Address, and NAS-Port as valid RADIUS Attribute
Fix issue where CPU temperature was not reported on some AMD-based systems.
Requires kernel upgrade.
Fix issue that caused some cluster controller upgrades to fail.
Performance improvements for deployments without the use of a captive portal.Add the ability to configure the default idle timeout via the Network
Options scaffold, which is a fallback setting for devices not behind a
Landing Portal. Previously this was hardcoded to 15 minutes.
Fix bug causing ‘integer out of range CONTEXT: COPY ip_traffic_rates” …’
errors on some deployments.
Update “Utilization Summary” report.Add new “RADIUS Server Accounting Summary” report.
Various scaffold UI performance improvements and bug fixes.
Improve performance of various reports, fixing issue where viewing a report
could eventually generate an internal server error (500).Fix bug causing fatal error when generating the “Monthly Guest Statistics”
and “Heavy Accounts Summary” reports.

Long integers in generated reports are now more human-readable.

Fix bug that caused portal failure Health Notice “undefined method
‘lock_devices?’ for nil:NilClass”.
Increase web server performance in development mode.
Add a precedence field to RADIUS Attribute Pattern configuration, which
enables the operator to assign priorities to different RADIUS attributes
when matching authentication requests to RADIUS Server Realm configurations.The RADIUS server now enforces Account Group, MAC Group, and RADIUS
Attribute Pattern precedences relative to each other when matching a request
to a configured realm, instead of the previous behavior where the precedence
order was always Account, then MAC Group, and lastly RADIUS Attribute
Pattern. This enables the operator to have greater control over how dynamic
VLANs are assigned based on the RADIUS request.

Accounts belonging to a Policy without a configured RADIUS Server Realm are
now ignored when matching RADIUS authentication requests to a realm (e.g., a
MAC Group or RADIUS Attribute Pattern matching the request is used instead).

Fix bug affecting RADIUS Realm logins.
Add the ability to search the various Transaction scaffolds by amount via a
range operator (e.g., >=).
Fix bug affecting URL rewrite and interstitial redirection functionality.
RADIUS accounting packets received from an Infrastructure Device (e.g., a
ZoneDirector on the LAN) no longer affects Login Sessions. RADIUS Server
Accounting Logs now record the related RADIUS Server Realm. Improve RADIUS
Server Accounting Logs scaffold.
VLAN Tag Assignments are now expired when there is still a DHCP lease on the
related VLAN when reuse VLANs is enabled in the RADIUS Server.
Add duplicate transaction detection feature to Merchant gateways. Charge
attempts for the same Account, Usage Plan, and Merchant within the last 60
seconds are now ignored by default. The timeout is configurable via the
Merchants scaffold. Similarly, duplicate charge detection for PMS Servers is
now configured as a operator-defined timeout instead of a checkbox. A
timeout of zero disables duplicate charge detection.
Fix fatal PF error when there are many groups and/or addresses configured
under certain circumstances.
Add the ability to configure an end date/time for periodic Email Campaigns.
Fix bug causing performance issues for RADIUS server accounting requests.
Improve performance when dealing with accounting Start messages.
Fix bug where a downed Uplink in a Link Control setup caused the WAN load
balancer to become out of balance for the rest of the day after the Uplink
came back online.
Update HTTP User Agent database. Update MAC address vendor lookup table with
latest IEEE OUI listing.
Backend performance improvements.
Add the ability to configure individual Access Points belonging to an
Infrastructure Device (e.g., ZoneDirector). Add the ability to group Access
Points and Switch Ports together as Infrastructure Area configuration
records, which are now available in the conference tool configuration to
associate a conference with an area covered by specific Access Points and
Switch Ports.
Fix bug where changing a PPPoE Uplink’s username or password did not restart
the PPP session.
Fix bug where hitting the conference tool via browser before authenticating
as an Administrator would incorrectly redirect to the web admin console
instead of the conference tool after login.
Fix rare bug where adding/removing/updating a Network Address was not
reflected in the live Interface/VLAN configuration.
Increase VLAN Tag Assignment timeout maximum from one day to two months.
Fix fatal error on old systems with 2GB of memory. Minimum for new licenses
is now 4GB of total system memory.
Fix bug where accessing the web admin console via HTTP instead of HTTPS
caused the operator’s browser to enter a redirect loop instead of correctly
redirecting to HTTPS.
Add the ability to add multiple sales contacts to a Conference.
Performance improvements for cluster deployments.
Improve web admin console performance when accessed via IP address or the
hostname ‘rxg.local’.
Change virtual frames HTML Injection recipe to appear on mobile format web
Fix bug causing intermittent fatal PF error under rare conditions involving
a configured FUSION Forward.
Add the ability to graph backend login seconds via a System Graph.
Fix bug causing ‘integer out of range CONTEXT: COPY interface_rates” …’
errors on some deployments.
Fix issue causing memory exhaustion on some systems.
Fix bug that caused multiple transaction records to be created for a single
transaction under certain configurations using First Data.
Fix bug where searching Admin Logs by Scaffold name sometimes did not yield
the expected result.
The web proxy services now initiate connections from more than one IP
address when multiple addresses are configured for an Uplink. End-user
devices now use their assigned NAT IP when accessing websites via the
persistent web cache, content filtering, and/or HTML rewriting proxy
Login Sessions created by the RADIUS server now store the Acct-Session-Id
Many backend performance improvements.
Add ruby rrd-ffi and librrd gems to rails environment.
Upgrade web server application framework to Ruby on Rails 3.2.19.
Various conference tool UI tweaks.
Fix bug causing some systems to crash when accessing an Admin SMB server
Update MAC address vendor lookup table with latest IEEE OUI listing.
Add the ability to configure a remote logging server via the Device Options
Add the ability to authenticate Administrators via RADIUS. The operator may
now configure a RADIUS Realm to point to a single Administrative Role,
thereby allowing any valid remote RADIUS users to act as Administrators
without having to configure them locally. The desired Administrative Role
may be overridden by the Class attribute in the RADIUS Access-Accept packet,
where the attribute’s value matches the name of a configured role.
Add Current, Average, and Maximum readouts to all Graph labels, displaying
the corresponding values over the duration of the graph time. For example, a
“24 hour” Uplink Network Graph now includes the instantaneous upload and
download rate along with the average and maximum throughput over the 24 hour
period.Graph titles have been simplified and now include the configured name of the
Graph record.
Update Reports for new Marriott standards: Add new “Realtime Guest
Statistics” report. Rewrite the “Daily Bandwidth Utilization” (Marriott
“Bandwidth Consumption Summary”) report. Add new required “peak throughput”
columns to the “Daily Conference Statistics” report.
Fix bug where flushing an individual DHCP Lease via UI scaffold could result
in a fatal error.
Fix broken “Hourly Data Usage” and “Daily Data Usage” reports.
Fix bug that caused a Usage Plans with unlimited time configured
to not be shown as a PMS Guest Match for guests that should have
matched the plan.
Various performance optimizations.
Add support for utilizing ruby MySQL client library for custom portal
integration with third-party database servers.
Fix bug causing unnecessary health notices such as:”critical_ip_message (CRITICAL) – detected potential problem(s) pertaining
to critical host(s) pf: state key linking mismatch! …”.
Add support for HP switches to be configured as an Infrastructure Device,
which allows the conference tool to map switch ports to conferences and
dynamically configure desired ports to be tagged for a conference’s VLAN.
Add the ability to include Addresses in BGPs configuration as networks to
Disable NAT on Uplinks to non-default routing table entries that are not
part of an Uplink’s directly attached network (e.g., BGP or static route
destinations traversing a WAN interface).
The Login Session Log reason of “Session-Hijack” has been renamed to
“MAC-Mismatch” for clarity reasons.
Various cluster controller performance optimizations.
Configuring a Database Purger for the dhcp_messages, pf_connection_logs,
and/or web_proxy_hits tables with an age of zero now entirely disables
logging of the records.
Upgrade web server application framework to Ruby on Rails 3.2.18, containing
important security fixes.
Improve RADIUS server performance for traditional RADIUS accounting requests
(i.e., non-DVLAN).
Fix bug in “Data Usage By Port” report that incorrectly labeled packet
counts as bytes.
Fix bug causing a fatal error when an operator exports a scaffold where the
column being sorted against is not included in the list of columns to
include in the export file.
Fix sorting by HTTP User Agent in UI scaffolds.
Fix bug where an Account was not being associated with its Device’s VLAN Tag
Assignment in certain situations.
Fix byte and duration column averages in the Web Proxy Hits scaffold to be
Fix bug causing the /var filesystem and/or system memory to overflow on some
Fix bug causing error: “ActiveRecord::StatementInvalid: PG::QueryCanceled:
ERROR: canceling statement due to user request”.
Fix bug causing portal error: ‘duplicate key value violates unique
constraint “index_accounts_on_login”‘.
Fix bug where changing an existing VLAN’s physical Ethernet Interface
resulted in the VLAN being disabled entirely until the FUSION was rebooted or
the backend manually restarted.
Fix bug in a cluster deployment where a VLAN tag was incorrectly reused when
there were more available VLANs.
Change the bash command-line shell’s default pager from “more” to “less”.
Add the ability for an Admin to customize their bash configuration via the
~/.bash_custom file.
Add the ability to filter by Policy in “Operating Systems” and “Web
Browsers” reports.
Fix backend issue on older systems having only two logical CPUs.
Fix rare bug causing a portal failure exception of “Validation failed:
Device MAC is invalid”.
Fix issue where some models were missing database schema information in the
manual’s API documentation.
PF Connection Logs are now archived for all protocols instead of only TCP
and UDP.
Improve NAT assignment of individual public IP addresses to LAN IPs when
there are many public NAT IPs configured, possibly more than there are
actively connected devices. Alleviates issue where two or more active device
IPs could be sub-optimally assigned to the same public NAT IP under certain
Update the HTTP User Agent database used to record an end-user’s browser
type. Fixes issue with reporting the User Agent as “Other” for common
A Device’s existing VLAN Tag Assignment is now automatically flushed upon
Account creation/login if the Device is no longer assigned to the correct
RADIUS Server Realm as configured by the Account’s Policy.
Fix issue where an Account’s VLAN Tag Assignment could be flushed from WLAN
infrastructure before the end-user was finished loading the login success
portal page.
Increase CPU coretemp thresholds to reduce frequency of false-positive
health notice alerts.
Fix cosmetic issue when displaying long backup filenames in the Restore
dialog of the System->Backup page of the web admin console.
Fix issues causing excessive memory utilization in recent builds.
Fix bug causing instances of error “PG::TRDeadlockDetected: ERROR: deadlock
Fix bug causing two PF Connection Logs to be recorded for the same
connection under some circumstates.
A payment method’s stored credit card number is no longer displayed within
update forms in the web admin console and default portal.
Fix bug causing network and system graphs to break when the SNMP listen port
was configured to something other than the standard port (161).
Add support for the Aerohive Access Point Hive as an Infrastructure Device,
allowing the configuration of per-Account dynamic VLAN’s with Aerohive
Fix bug causing error ‘duplicate key value violates unique constraint
Add “Data Usage By Port” and “Data Usage By Destination” Reports.
Add the ability to configure Reports as “human readable”, which indicates
whether or not numbers in a report are formatted or converted into
human-consumable values (e.g., GB instead of bytes).The “Daily Data Usage By Account” report now contains separate columns for
bytes/packets up and down.
Fix bug where an IP’s existing states were not flushed after exceeding a
configured Trigger’s parameters (e.g., Max Connections Trigger).
Backend performance improvements.
When removing an Account’s Device, automatically purge any VLAN Tag
Assignments having the same MAC address.
Fix bug affecting the accuracy of Account, Login Session, and PF Queue Log
byte and packet counters and their related graphs.
Enable support for high resolution graphs on HiDPI / retina displays.
Add the ability to skip sending a Custom Email based on coded logic in the
email subject/body.
Fix bugs causing error emails from “Cron” containing: “Check rxgd detects
that rxgd may be hung.”
Dont start or configure any of the web proxy services unless they have at
least one Policy configured.
Improve backend performance on systems with many configured VLANs and ARP
Fix issues with and improve display of the “Daily Data Usage By Account”
Improve packet filter states instrumentation scaffold to include the related
Login Session, Account, expiration timestamp, and byte/packet counts.Archive metadata of all connections that transit through or terminate at the
FUSION, including start/end times, duration, source/destination/NAT address and
port, protocol, MAC address, Login Session, Account, and byte/packet totals.
This adds a new Archives->Connections page in the web admin console.
Fix bug where “PayPal Express Checkout for Digital Goods” was incorrectly
listed as a supported direct Merchant gateway.
Archives (e.g., Login Session Logs, Expired DHCP Leases) and Transactions UI
scaffolds now load with a default search filter of the previous month, week,
or day, depending on what is appropriate for a given scaffold. The date
range may be changed via the first field in the Search form. This increases
the loading performance of some pages and makes the initial summary columns
more useful to the operator.
Fix performance issue with various utilization reports, where running
the report could result in a server error.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Improve search feature for PF States, Login Sessions, and VLAN Tag
Assignments scaffolds to be able to filter against specific fields.Various minor enhancements and bug fixes to UI scaffolds.
Fix bug causing a fatal exception in a conference portal when a Portal
Modification is configured without any custom HTML.
Improve NTP server time synchronization reliability.
Fix bug causing missing data-points in Uplink graphs when a network
interface’s data rate approached the configured speed of its Uplink.
Fix bug causing false-positive “DHCP server incoming message rate exceeded
limit – possible DHCP DOS attack detected!” warnings.
Fix bug where clicking “Graph” or “Web” for an existing ARP Entry could
result in a RecordNotFound error.
Fix bug causing Fatal Error 500 in the Archives->Logs page for the PMS
log when a PMS Server includes invalid UTF-8 characters in a response.
Many backend performance improvements.
Sort labels by name in generated accounting/network/system graphs.
Fix rare bug where a misconfigured application port forward with
autoincrement enabled could increment the destination port beyond the legal
port range, causing a fatal PF configuration error.
Fix issue where a PMS guest could post duplicate charges by logging in with
their name/room on more than one device at the same time.
Fix issue where meeting the intersession limit of one Shared Credential
Group prevented an end-user from logging in with a different shared
Disable health notices with a severity of warning for the web cache
filesystem because it being around 85% full is normal behavior. The web
cache is still automatically flushed if the filesystem reaches 93% usage
instead of issuing a critical overflow health notice at 95%.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Fix bug causing Fatal Error 500 for PMS guests that had invalid data in
the response from the PMS server.
Fix bug that prevented the proper idle timeout of Login Sessions that were
created by background automatic login and never initiated outbound
connections to the WAN.
Improve dynamic VLAN assignment algorithm to better distribute VLAN IDs
amongst cluster nodes. Automatically expire VLAN Tag Assignments for
inactive (downed) cluster nodes.
Improve RADIUS Server performance for busy cluster deployments.RADIUS Server Options tuneables (e.g., max servers) are no longer
configurable by the operator and are instead appropriately tuned
automatically based on system hardware and expected number of connected
Fix bug causing prorated credit to be granted to users whos previous
usage plan had already expired.
Add support for facebook login to default mobile portal.
Significant improvement to ad element overlay HTML Injection recipe.
ADWIDTH and ADHEIGHT will be substituted for actual ad width and height.
Fix bug causing fatal error for some systems on the Archives->Admins page of
the web admin console.
Conference Tool improvements:Add checkbox to Custom Portal and IP Group to identify with a conference
instead of having to include “conference” in the name.

Automatically create a Subnets Filter when creating a conference.

It is now safe to change the name of an existing conference record.

Add checkbox to the PMS Servers configuration scaffold that toggles whether
or not Usage Plans without a configured PMS Guest Match are displayed in the
portal when a guest matches at least one plan. The default behavior is to
now hide plans without a configured match if a guest matches at least one
other plan with a PMS Guest Match configured.
The set of Usage Plans offered to a PMS Guest end-user via the portal is now
correctly limited to the plans configured in the effective Splash or Landing
Fix bug causing fatal error when searching for a MAC address via web admin
console global search on a cluster controller.
Fix minor display bug with generated policy and network diagrams.
Fix issue where a Health Notice caused by a custom portal exception repeated
many times can adversely affect database performance and possibly cause
filesystem overflow.
The Infrastructure Devices configuration scaffold has been moved to the
Network/LAN page of the web admin console.
Detect and fix a rare situation where the backend process is running without
Fix bug causing instances of error “PG::TRDeadlockDetected: ERROR: deadlock
Change the default portal to allow PMS guests with “no post” set to purchase
free plans.
Fix bug where the original page an Admin tried to surf to was not remembered
after logging into the admin console.
Improve admin conference tool to hide an inactive conference’s SSID.
Fix bug with that prevented some Android devices from redirecting to the
portal immediately after connecting to a Wi-Fi network.
Improve nightly database maintenance routines. Fixes issue on some systems
causing error emails from “Cron” containing: “Check rxgd detects that rxgd
may be hung.”
Clicking an event in the conference tool calendar now downloads the event as
an ICS file.
Many usability improvements to the admin conference tool.
Add the ability to configure a RUCKUS ZoneDirector’s WLAN SSID via the admin
conference tool.
Fix issue where having configured and deleted many Remote DPI Signatures
could cause the /usr disk partition to consume too much space.
Add the ability to configure basic modifications to portals via the admin
conference tool interface. Allows for easy customizations to a captive
portal by uploading logo files and making WYSIWYG edits to portal views.
Fix bug causing ‘integer out of range CONTEXT: COPY pf_queue_logs” …’
errors on some large deployments.
Add the ability to download Reports as simple XML documents, excluding
title lines.
Attempt to automatically repair the web cache after filesystem corruption,
which can cause the web proxy to stop functioning under very rare
Add new fields to the PMS Guests table that are commonly used by PMS
interfaces and were previously stored as customX fields (e.g.,
loyalty_number), making PMS Guest Matches easier to configure. Existing PMS
Guest Match configurations are updated automatically with the field changes.
Add admin conference tool feature.
Fix issue with the Agilysys PMS interface causing some guest change records
to be ignored.
Many backend performance improvements.
Fix bug causing an exception when an invalid HTTP request generated by
the GoPro iOS app was redirected to the captive portal.
Store the appropriate Account Group in the following records, allowing the
operator to search and sort by it in UI scaffolds and API/database
integrations: AR Transactions, Expired VLAN Tag Assignments, PMS
Transactions, RADIUS Server Accounting Logs, Redeemed Coupons, Survey
Results, Merchant Transactions, Triggers, and VLAN Tag Assignments.
Add the ability to configure the number of archived log files to retain on
the filesystem.
Add the ability to display more than the default 20 rows in the second level
domains report of the web proxy archives page.
Allow the use of free plans in the quick_purchase_charge portal action.
Fix bug that sometimes caused a fatal exception when clicking on a zoomed-in
graph image.
Add the ability to configure RADIUS attribute pattern matches in RADIUS Server
Realms, which will authenticate requests containing a matching attribute. For
example, the operator may match against the WiFi SSID contained within the
Called-Station-Id attribute to assign different VLANs depending upon which
SSID an end-user connects to.
Fix bug causing portal exception errors such as: “Validation failed: MAC
“aa:bb:cc:dd:ee:ff” is not allowed because it conflicts with account “nick”.
Trying to login to a different Account than the one a device is locked to
will now produce a graceful error in the portal. Requires adding a new error
symbol (:device_locked) to the flash view in existing custom portals.
Fix bug where deleting a configuration row in a scaffold could cause its
associated configurations to remain unavailable for new records of the same
type as the configuration that was deleted.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Add the ability to configure the number of months, weeks, or years for Usage
Plan relative lifetime in addition to minutes, hours, or days. Allows the
operator to configure more accurate monthly plans instead of specifying the
number of days in a month. The usage expiration date/time set in the Account
ends on the same day and time of the month/week/year that the plan is
Update the default portal to allow provisioning Accounts to PMS guests
supporting more than one device per Account.Add an “Account sharing” option to the PMS Servers scaffold to configure how
Accounts are shared between multiple registered guests in a room’s folio.
The available options are:

per-Device – an Account is created for every device (old behavior).
per-Guest – an Account is created for each unique guest name checked into a
room and shared by all devices that supplied the same name and room.
per-Room – an Account is created for each set of guest names checked into a
room at the same time and shared between all devices.

Upgrade web server application framework to Ruby on Rails 3.2.16, containing
important security fixes.
Add the label of the selected menu item to the HTML title in the web admin
console pages.
Add support for proxying RADIUS Server requests to other remote RADIUS
Add the ability to disable posting zero amount charges to a PMS Server.
Add the ability to disable duplicate charge prevention for a PMS Server.
Add the ability to configure dynamic VLAN deployments to share VLAN IDs
between Accounts or Rooms, in addition to the existing behavior where every
device gets its own VLAN. Configurable via RADIUS Server Realms scaffold.
Account Policies must be configured in the RADIUS Server Realm.
Rename “Users” to “Accounts” and “User Groups” to “Account Groups”.
System database table and API class names have also been renamed.
Existing custom portals on the FUSION device are upgraded automatically.
Add a Bandwidth Queue shaping mode of “Account”, where end-user accounts
with multiple Login Sessions will share a bandwidth rate limit between the
devices. “Group” and “Account” shaping are mutually exclusive for a given
Policy – only one type (“Account” or “Group”) may be configured in addition
to “Device” (IP) and “Policy”.
Improve performance on systems with thousands of VLANs.
Improve loading performance of the Archives->Web Proxy page, which could
timeout and display an internal server error on systems with millions of web
requests per day.
Add support to login from multiple devices with the same User account or
Token. A UsagePlan/User’s max sessions configuration parameter limits the
number of simultaneous login sessions per account. It is recommended that an
existing custom portal’s “already_logged_in”, “manage_devices”, and “flash”
view templates are updated to match the new default portal.
Fix bug where an Interim-Update accounting packet from a RADIUS NAS could
incorrectly alter the usage byte/packet counters of a Login Session with a
different IP address than the Framed-IP-Address of the RADIUS request.
Fix bug where the portal application would not redirect the end-user to the
correct Cluster Node if the end-user was behind a routed network configured
via a Static Route.
Add support for Facebook login integration to the default portal. Requires
configuring a Facebook App ID and Shared Credential Group in a Custom Portal
Fix bug where an end-user’s desired URL was sometimes wrong after logging in
to the portal, usually when the end-user had previously logged in before.
Change a User’s MAC to be stored as a separate “Device” record. Allows
multiple devices/MACs to be associated with the same User, mainly for
automatic login purposes. Configurable via Users scaffold.
Add %random_number% as a substitution variable for remote captive portal and
interstitial redirector configurations, populated with a random eight digit
integer. May be used to alleviate issue where some iOS devices tend to
illegally cache remote portals.
After an Agilysys PMS performs nightly maintenance, skip the guest database
resyncronization process, which can take a long time and is unnecessary.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Fix bug where the RADIUS server would fail to authenticate an end-user’s MAC
via MAC Group/Pattern matching if a User having the same MAC address was in
a Policy not associated with a RADIUS Server configuration.
Fix scaffold export bug resulting in a fatal exception when trying to export
the result of searching against a column, where that column was not selected
as a column to export. For example, searching transactions for a specific
Usage Plan and then exporting the result without selecting the Usage Plan
Decrease likelihood of erroneous “killing process …” errors.
Add an “autoincrement ratio” to VLAN configuration options, which controls
the number of Address autoincrement subnets that are setup on each VLAN tag.
Allows the operator, for example, to easily configure many /30 subnets on
many VLANs to be used in conjunction with dynamic VLAN assignment when the
number of available VLANs exceeds the expected number of simultaneous
end-users, and client broadcast isolation is desired.
Enable debug mode by default in RADIUS Server Options configuration.
Add the ability to configure the number of months, weeks, or years for a
Time Plan in addition to minutes, hours, or days. Allows the operator to
configure more accurate monthly plans instead of specifying the number of
days in a month. The number of minutes allocated to the user end on the same
day and time of the month/week/year that the plan is applied.
Upgrade web server application framework to Ruby on Rails 3.2.15, containing
a minor security fix.
Fig bug where increasing the licensed maximum number of Login Sessions would
not immediately take effect for automatic login behavior.
Add a PMS webservice API specification and client that a PMS vendor may
utilize to add support for interfacing with an FUSION’s PMS Server interface.
Improve DHCP Match Rules configuration scaffold usability. Fix bug where the
operator could configure a match rule with an illegal hardware string that
caused the DHCP server to stop functioning.
Fix bug causing a user account to be deleted as the result of a
transaction failure under certain circumstances, even if that user had usage
Fix bug where a Remote DPI Signature’s categories was not modifiable via API.
Fix bug where deleting a configuration record could time-out and result in
an error 500 if it had many associated log records (e.g., a Usage Plan with
many old Login Session Logs).
Remove support for and reliance on the Prototype JavaScript framework in
favor of only jQuery. Reduces portal delivery size and end-user browser
overhead. Improves web admin console performance.
Fix rare bug causing error emails from “Cron” containing: “Check rxgd
detects that rxgd may be hung.” on some systems in the southern hemisphere
after a Daylight Savings Time shift.
Fix bug that broke remote backups via SFTP when one or more single quote
characters were present in the password.
Add the ability to download Reports as XLSX (Excel Microsoft Office Open XML
Format Spreadsheet) files in addition to CSV. Reports are now attached to
Custom Emails as XLSX files.
Configuration export improvements:Add the ability to export scaffold data as XLSX (Excel Microsoft Office Open
XML Format Spreadsheet) files in addition to CSV. Exporting via XLSX format
is not recommended for large datasets.

Add “Select All” and “Select None” links to make selecting the desired set
of export columns easier.

Column header names now match what is shown in the UI instead of the system

Improve the name of the export file to contain the system domain name and

Fix bug with remote FTP backups using a full path as the destination path.
Fix duplicate key error causing excessive database re-sync requests with
the Agilysys PMS interface.
Fix bug affecting behavior of CIDR blocks larger than /30 configured in an IP
Upgrade web server application framework to Ruby on Rails 3.2.14 and ruby
gems to latest stable versions. Minor admin console and captive portal
stability and security improvements.
Add the ability to include Accounting, Network, and System graphs in Custom
Emails as attached PNG files.
The RADIUS server now authenticates requests where the Calling-Station-Id
matches a User’s MAC address.
Add “Triggered Events Summary” report.
Add the abilty to include generated Reports in Custom Emails as HTML and
attached CSV files.
Add the ability to configure a Report for various periods of time in the
past, in addition to specific start/end times. e.g., “Last 7 days”,
“Yesterday”, “Last Month”.
Improve performance and memory utilization on systems with many Users and/or
Fix rare issue where the backend may hang indefinitely when sending Health
Notice emails, resulting in “Check rxgd detects that rxgd may be hung” error
Fix bug that prevented a transient group membership’s IP from effectively
belonging to an IP Group, thereby breaking certain Trigger behavior.
Fix bug causing unreliable SNMP server logging.
Remove harmless warning in PMS interface log when receiving an ACK char from
Galaxy PMS.
Add support for more than one HTML Payload Rewrite configuration, allowing
the operator to create different injections for different policies.
Fix database performance issue when running newer builds on outdated
operating system FreeBSD 8.3.
Fix issue where sometimes a portal end-user needed to be redirected to a
different cluster node and was not.
Fix bug affecting IPsec tunnels when used in conjunction with autoincrement
network addresses.
Fix bug with Device Options view of the built-in manual.
Add “Daily Data Usage” report.
Add “Detailed Data Usage” report.
Fix performance issue when there is an exceedingly high DHCP server request
rate and dynamic VLANs are configured.
Fix bug affecting log rotation.
Add “Hourly Data Usage” report.
Improve performance when using certain Intel NICs at high load deployments.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Fix bug that broke OS updates for some systems.
Add support for a PMS checking in multiple rooms under the same name and
guest ID/number.
Fix bug causing some POST messages to fail when using Agilysys LMS.
Make the configurable log rotation hour affect when nightly database
maintenance is performed.Resolve rare error message when performing nightly database maintenance:
‘vacuumdb: vacuuming of database “config” failed: ERROR: tuple concurrently

Improve error detection and reporting for nightly database maintenance

Fix bug that sometimes caused the web cache to overflow the disk.
Automatic correction for various files that can be corrupted in the case of
an improper shutdown.
Fix bug that sometimes caused an incorrect IPsec configuration state when an
Uplink fails.
Better protection against excessive CPU utilization in defective custom
portals and applications in general.
Workaround for bug with Agilysys LMS that sends erroneous ‘Duplicate Ticket’
messages for POST’s that are not actually duplicates.
Fix bug causing a health notice when a RADIUS Server had more than one
VLAN configured and the number of VLAN assignments exceeded the size of a
single VLAN’s tag range.
Add automatic login capability to Shared Credential Groups.
Credential, access and session restrictions are still enforced on subsequent
automatic login attempts.
Add the ability to configure background automatic login mode for landing
Enable automatic login for Tokens.
Fix bug affecting an Infrastructure Device with a password containing
special characters and improve error handling and notification.
Fix bug that broke some statistics gathering and graphing functionality when
the SNMP community string contained an ‘@’ character.
Fix bug affecting log rotation.
Add the ability for a user to sign up for a plan that supports more than one
device. Total allowed devices is configured in the max sessions field of the
Usage Plan. Works with dynamic group generation for shared bandwidth between
the devices. Works with L2/L3 unit isolation for the devices.
Add the ability to configure the hour during which system logs are rotated
via the Device Options scaffold. Improve log rotation to reduce CPU overhead
and the amount of time it takes to restart critical services.
Store a User’s IP, MAC, and hostname when creating transaction records for
offsite merchant gateway payment notifications, instead of the remote
payment gateway’s IP.
Improve backend login time performance.
Fix exception in the portal caused when a hotel guest leaves the guest
profile page open, and attempts to re-use a connection after the guest has
checked out.
Fix bug causing the Network dashboard page not to display properly when
a PPPoE was configured without an Uplink association.
Fix bug causing the Identities->Definitions page not to display properly.
Fix bug causing duplicate parameters to be added to the URL string when
using a remote portal.
Add “Daily Guest Revenue” report.
Fix intermittent UTF-8 encoding error when viewing web server logs/reports.
Fix bug causing a user with no usage remaining to get stuck at the
please wait page in the portal when signing in.
Add range offset limit (cache range request prefetch limit) configurability
to the web cache server.
Fix bug that prevented port forwarding to idle devices on the network.
Modify PMS Guest Match behavior to be more restrictive with plan
selection. Do not count transactions for expired plans. Only match
plans from a PMS Guest Match whos group belongs to a previous transaction.
Add support to the API for altering “Secret Answers”.Add User authenticate action to the API.
Fix bug with Daily Guest Statistics report.
Add initial support for third-party infrastructure devices integration
(e.g., Ruckus ZoneDirector).
Tweak list of exportable columns in Users, Tokens, and Coupons scaffolds to
improve export performance and remove unnecessary fields from the resulting
Enhancements to default portal to better support plan upgrades for PMS
Add portal support for per-unit VLANs when using PMS.
Update “Daily Guest Statistics” report to include totals row.
Fix bug with inline display of report in XML format.
Add “Daily Conference Statistics” and “Monthly Guest Statistics” reports.Various Report improvements.
Add checkin and checkout timestamps to PMS Guest records indicating the last
time a checkin/checkout message was received from the PMS. Facilitates
reporting against PMS servers that do not supply a guest’s arrival or
departure time (e.g., Marriott).
Add the ability to configure the DHCP server with vendor-specific options
(DHCP Option 43) via the Custom DHCP Options scaffold.
Fix bug that prevented an Admin from permanently deleting a Custom Portal
directory from the filesystem.
Tweak memory footprint of the web server.
Add system IUI (Installation Unique Identifier) and shutdown/reboot buttons
to the initial Admin creation page of the web admin console.
Fix bug where some obscure WISPr clients were not redirected to the portal.
Fix bug causing exception in captive portal when a client is missing an HTTP
user agent identifier.
Fix issue where uplinks configured with an address span greater than 1 could
switch the WAN IP an end-user was being NATed to at an undesirable time.
Fix “invalid byte sequence for encoding “UTF8″: 0x00” error when
instrumenting web proxy requests.
Improve memory utilization on systems having many Users with automatic login
Fix bug where sometimes stale instrumentation records are leftover after
creating a cluster controller.
Fix bug where the DNS Server visibility option could not be set to include
the WAN. Limit recursive queries to only LAN clients and permit
non-recursive queries from configured WAN Targets.
Upgrade web server application framework to Ruby on Rails 3.2.13, containing
important security fixes.
Upgrade web caching/proxy software with recent security patches.
Modify quick purchase functionality to automatically detect login, password,
and password_confirmation form fields and use them if they exist for user
creation. This allows for easy modification of the quick_purchase view in a
custom portal to allow an end-user to choose her own username/password
instead of having one auto-generated.
Add “initial minutes” configurability to interstitial redirect mechanism.
This new configuration option enables the operator to override the
periodicity of the “minutes” for the first redirect. This may be set to “0”
so that the end-user will experience interstitial redirect immediately upon
Add a “MAC OR cookie” automatic login mode, where an end-user will be
automatically logged into the portal if her MAC matches that of the previous
session OR her browser still has a cookie from the last time. The existing
“MAC + cookie” mode that requires the MAC to match AND an existing browser
cookie has been renamed to “MAC AND cookie”.
Ability to configure the Revenue Code of the Marriott PMS interface.
Fix blank “Charge To Property” field in Agilsys PMS charge posting messages.
Shared Credential Group enhancements:Add the ability to configure shared groups for specific Splash Portals,
allowing the operator to restrict shared credentials to certain

Add the ability to limit shared credentials to specific days of the week.

Add the ability to configure recurring shared groups, where the
effective/expires time is automatically bumped based on a recurring interval
(e.g., daily, monthly, yearly).

Add a “state” configuration, allowing the operator to configure a shared
group as active or suspended.

Add fields to store general customer and sales contact information about a
scheduled hotel conference which can be useful for event planning and in a
custom portal.

Add a configurable “message of the day” field to be displayed in the captive
portal after login.

Send a “TEST” message to Galaxy PMS servers every 15 minutes as a connection
Add inline “Graph” links to Network, System, and Accounting Graphs scaffolds.
Fix bug where the license QR code image was not displayed on some systems.
Add official support for the Marriott PMS interface.
Automatically generate a random alphanumeric credential when creating a new
Shared Credential Group.
Fix bug causing portal error: “Validation failed: Agent has already been
Add “Daily Merchant Transaction Statistics” report to count and sum daily
credit card transactions for a set of policies/plans.
Record an end-users HTTP User Agent when accessing the captive portal. User
agent is recorded with every login session and transaction. Enables
reporting against browser type, version, operating system, etc. Adds a new
“User Agents” scaffold to Archives->Portal.Add “Operating Systems” and “Web Browsers” reports displaying number of
sessions for each type of OS and browser.
Fix bug causing Fatal Error (500) when attempting to run a Packet Dump on a
node via a cluster controller.
Fix bug that prevented generating a graph with an end time other than the
current time (“0 minutes ago”).
Upgrade web caching/proxy software. Fixes several major crashes of the proxy
when opening server connections. These issues affected upstream connections
when the client aborted early or timed out waiting for the final stages of
HTTP transactions to complete.
Resolve issue with rare bug where sometimes the default route is incorrectly
replaced by the operating system.
Improve packet filtering performance and resolve periodic latency issues
experienced at some deployments.
Support WISPr in conjunction with remote captive portals.
Fix bug that prevented searching for a specific room in the PMS Transactions
Prevent configuring DHCP Pools that conflict with the range of other pools.
Truncate host names in malformed web proxy requests. Fixes rare bug causing
error: “DBD::Pg::db pg_putcopyend failed: ERROR: value too long for type
character varying(255) CONTEXT: COPY web_proxy_hits, column host:
Do not allow configuring a WAN Address with a large enough span that it
conflicts with an Uplink’s gateway IP.
Fix bug where VLAN Uplinks were not displayed in a Cluster Node’s Uplinks
configuration scaffold.
Add the ability to configure Static Route entries as the local network for
IPsec Tunnels.
Packet filtering performance optimizations for systems with many groups.
Upgrade web server application framework to Ruby on Rails 3.2.12, containing
important security fixes.
Fix rare bug causing error emails from “Cron” containing: “rm:
/tmp/ No such file or directory”.
Fix rare fatal packet configuration error on systems with slow uplinks and
many end-users and bandwidth queues.
Fix bug causing rare error: “DBD::Pg::db do failed: ERROR: column “_id” of
relation “pf_queues” does not exist at …”.
Fix bug causing the number of sytstem processes to not be graphed when
the number exceeded 2k on heavily loaded systems.
Fix bug that prevented FreeBSD 9.1 OS upgrades on cluster nodes.
Permit configuring a Shift4 merchant ID in the Partner field of a Merchant
configuration scaffold.
Fix bug that broke SNMP and network graphs for some systems.
Upgrade web caching/proxy software. Fixes issues with upload bandwidth
throttling and rare memory leaks.
Add the RADIUS reply message to the error displayed in the default portal
when an end-user enters invalid credentials for a RADIUS server. Also add a
new message substitution variable for use with remote portals. %message% now
contains the “Radius-Reply” attribute in the case of a login failure.
Ignore “detected potential problem regarding critical IP” health notices for
gateways of DHCP Uplinks, as they are usually ignorable false positives.
Fix performance problem with certain reports causing an error in the web
admin console.
Fix bug where day of the week configurability was missing from the Time
Triggers scaffold.
Stop allowing end-users to login to the captive portal with an expired Token.
Fix bug where the Admin Roles scaffold listing did not show configured
notification emails.
Set the Ecommerce_flag for First Data Merchant transactions. This affects
the per-transaction cost paid by the merchant account (operator).
Fix bug that broke exporting Shared Credential Groups on systems with many
Login Session Logs.
Update payment gateway library, adding support for additional Merchants.
Update base operating system to FreeBSD 9.1.Upgraded packet filtering (pf) framework yielding numerous performance and
stability improvements, including:

In pf, store routing table ID, queue ID etc directly in the packet header
mbuf instead of using mbuf tags (which use malloc’d memory). This yields a
100% improvement in packet performance.

Skip TCP/UDP/ICMP/ICMP6 checksumming when not necessary. This yields a
further 10% improvement in packet performance.

Upgraded ethernet drivers for performance and stability improvements,
including support for newer chipsets.

TCP/IP network stack and IPsec performance and stability improvements.

The OS scheduler has been improved for CPU load balancing on SMT (Simultaneous
MultiThreading) CPUs, yielding a 10-15% performance improvement when the
number of threads is less than the number of logical CPUs.

Improved ATA/SATA disk subsystem driver using a Common Access Method (cam)
based implementation.

Filesystems now implement softupdates journaling, which introduces a intent
log into the filesystem, eliminating the need for background file system
consistency check and repair (fsck), even after unclean shutdowns.

Filesystems now implement the TRIM command when freeing data blocks. TRIM
allows the filesystem to send a delete request to the underlying device for
each freed block. The TRIM command is specified as a Data Set Management
Command in the ATA8-ACS2 standard to carry the information related to
deleted data blocks to a device, especially for a SSD (Solid-State Drive)
for optimization.

Upgrade the PostgreSQL object-relational database system to version 9.2.2 for
increased database performance and stability.

Upgrade ISC DHCP server to version 4.2.5 for increased stability.

Upgrade FreeRADIUS RADIUS server to 2.2.0 for increased stability.

Upgrade ruby to version for increased web admin console and captive
portal security and stability.

Upgrade other various third-party software packages to their latest versions
for increased performance, security, and stability.

Requires explicitly performing an OS upgrade on existing installations.

Add HTTP virtual hosts feature enabling remote access to local web servers.
Various system and network performance and security optimizations.
Improve support for certain Intel network cards (igb driver) having many
ports. Add a health notice warning for “Could not setup receive structures”
errors to detect when physical interface setup fails.
Truncate DHCP lease UIDs that are too long. Fixes rare error:
DBD::Pg::db pg_putcopyend failed: ERROR: value too long for type character
varying(255) CONTEXT: COPY dhcp_leases, column uid:
Update SOAP client, including Innsist PMS optimizations.
Packet filtering performance optimizations.
Upgrade web server application framework to Ruby on Rails 3.2.11.Improve security of web admin console and captive portals.
Fix bug that broke global footer search on a cluster controller under certain
conditions.When searching for an end-user via the global search footer, include only
the Groups the end-user is a member of in the Policy diagram, instead of
every Group associated with the Policy.
Fix bug with Agilysys LMS PMS message format.
Automatically flush the web cache before creating a CRITICAL filesystem
utilization health notice, instead of after.
Don’t create a health notice for the error “invalid request format received
from PMS client: ” when a zero byte request is made to the PMS interface,
which is likely caused by an intermittent connection error.
Fix bug causing rare error: “NoMethodError (CRITICAL) – undefined method
`valid_encoding?’ for nil:NilClass
app/controllers/portal_controller.rb:2473:in `block in
Fix issue with upload bandwidth throttling when utilizing the web proxy.
Improve error handling and email notifications when the database connection
fails (e.g., in a cluster environment).
Fix rare bug where the nightly database reindex routine would not run if the
nightly database cleanup routine failed.
Fix issue where application crash dumps could cause the root disk parititon
to overflow.
Add the ability to configure the DHCP server as authoritative or not
(previously was always authoritative). DHCP networks shared between two or
more cluster nodes may need to be configured as not authoritative. Fixes
issue where an inappropriate DHCPNAK message sent by a server other than the
one that assigned an address could cause some clients to not receive an IP
Fix bug causing errors such as “DBD::Pg::db pg_putcopyend failed: ERROR:
invalid input syntax for integer: “a:” CONTEXT: COPY pf_states”.
Fix rare issue causing “Check rxgd detects presense of pid file but no
matching process.” error emails.
Fix bug causing error “DBD::Pg::db pg_putcopyend failed: ERROR: value too
long for type character varying(255)” when instrumenting web proxy access hits.
Fix bug causing rare error: DBD::Pg::db do failed: ERROR: zero-length
delimited identifier at or near “””””.
Fix rare fatal PF configuration error.
Try to prevent nightly “Check rxgd detects that rxgd may be hung” error
emails at some deployments with high web proxy utilization.
Improve DHCP failover and load balancing capabilities for cluster
deployments. Adds the ability to share the same DHCP pools between two nodes
by implementing the draft IETF DHCP Failover Protocol.Add more information to DHCP Leases instrumentation.
Fix bug causing error “DBD::Pg::db pg_putcopyend failed: ERROR: literal
carriage return found in data”.
Add proxy ARP functionality configurable via a Network Option setting.
Fix bug causing an uplink to be inappropriately set via a ping target that
was not associated with that uplink.
Fix bug causing exception: “ActiveRecord::RecordNotSaved: Failed to save the
new associated login_session”.
Fix bug where creating a new Journal entry for a User would cause an
exception and incorrectly create the entry when charging the user failed.
Fix bug causing error when sending RADIUS Interim-Update packets for many
sessions: “heartbeat timeout of 300s exceeded for /var/run/ …”
Add dhcp-server-identifier to list of available DHCP options.
Fix bug causing errors such as: DBD::Pg::db pg_putcopyend failed: ERROR:
invalid input syntax for type timestamp: “rxgd”
Fix bug causing redeem coupon to fail for coupons with no expiration.
Upgrade and improve performance of web cache proxy.Automatically cache Microsoft and Apple updates (requires increasing max file size option).

Support configuration of a memory-only (diskless) cache.

Fix bug where detecting certain credit card types for some Merchant gateways
was broken.
Add support for configuring CyberSource transaction key via Merchant
password field (increase size of the password field).
Fix bug where the operator was unable to remove all email notifications from
an Admin Role.
Fix bug where in a cluster deployment a node’s VLAN addresses configuration
was not displayed in the node’s web admin console Network Address scaffold.
Automatically flush the web cache if the cache’s disk partition usage
exceeds the configured cache size or is about to overflow the disk.
Fix bug where a User belonging to a recurring Usage Plan was not logged out
when her session’s quota ran out.
Add the ability to populate the “note” field for coupons and tokens.
Fix bug where an operator was allowed to delete the last remaining Admin
account, or her own account.
Upgrade web server application framework to Ruby on Rails 3.2.9.
Increase Max Connections Trigger configurable limit to 3000.
Fix bug with automatic RADIUS login, where it would unnecessarily repeat
failed login attempts.Make %notice, %exception%, and %error% strings blank in a remote portal’s
URL when redirected to by a splash portal (i.e., when there is not an error
to provide).
Add “backend_login_at” timestamp/flag attribute to the LoginSession model,
indicating when the backend has “fully logged in” a session. Useful for
remote API implementations to know when a session is fully logged in. Make
enhancement that also reduces the avarage time the portal application waits
for a session to be logged in.
Fix bug where certain portal error messages that should have been ignored
were not because of non-english locales.
Add support for configuring PKCS#8-formatted private keys in certificate
chains. Server key is automatically converted to RSA format.
Permit configuring the user id for the Elavon Virtual Merchant Gateway via
configuring the Merchant’s “signature” field.
Change Usage Plan price display method (e.g., in portal usage plan list) to
show the original plan price and the amount of a User credit consumed (if
any), instead of just “free”. Plans that were originally zero-cost still
display “free”.
Fix bug where displaying the PMS Servers scaffold (e.g., Gateways page) could
result in an error 500 when many transactions existed.
Remove spikes in Uplink network graphs that greatly exceed the configured
speed of the Uplink.
Avoid fatal packet filter errors when an Uplink is misconfigured to be
faster than its physical interface’s negotiated link speed, or a Bandwidth
Queue’s total realtime download requirement is misconfigured and exceeds a
LAN interface’s link speed. Add relevant warning health notices.
Consolidate the Archives->Graphs menu page into Archives->Reports.
Add a cookie-only automatic login mode. The “cookie” mode is similar to
“MAC + cookie”, except the end-user’s MAC address can have changed as long as
there is still a matching cookie in her browser. This is useful for
situations where a user switches between a wired and wireless connection,
thereby changing MAC address.
Fix bug where the “Flush All” button for ARP entries and DHCP leases, the
“Delete All” button for Tokens and Coupons, and other similar scaffold
buttons would not display a notice and refresh the list after completion.
Add a “Cure All” health notices button to the scaffold, which automatically
cures all uncured health notices.
Fix broken Bandwidth Queue Traffic Rates and Policy Traffic Rates scaffolds on
a cluster controller.
Fix “invalid byte sequence for encoding “UTF8″: 0x00” error when
instrumenting packet filter queues.
Fix rare, fatal packet filter configuration error when an Uplink loses its IP
Add automatic login capability for RADIUS Realm and LDAP Domain
authentication methods. If configured, end-user passwords are stored in
encrypted format and used to re-authenticate returning users having the same
MAC address as their previous session.
Fix bug causing a fatal exception when a remote portal hits the FUSION’s
captive portal with an invalid RADIUS login request.
Detect the latest official FUSION build and disable the automatic update form
if the FUSION is already running the latest official build (or greater).
Add viewable and downloadable reporting functionality.
Fix bug where custom portal assets in sub-directories were not pre-compiled
when running the web server in production mode.
Fix bug where initiating a batch delete would sometimes delete records in
other scaffolds.
Work around issue where a duplicate guest number may be received by a PMS
server, causing the FUSION’s PMS interface to update the wrong PMS Guest
record. This caused some PMS Transactions to appear to be linked to the
wrong guest.
Fix bug where plans selected with a PMS Guest Match would be displayed
even if they were greater duration than the previously purchased plan, or the
previously purchased plan was expired.
Record the RADIUS request in addition to the response packet in Login Sessions
and Login Session Logs for RADIUS Realm authentication.
Fix bug where sometimes an FUSION upgrade or restore initiated from the web
admin console would prematurely report the process as being finished right
after it started.
Add the ability to configure a post login redirect URL in a Landing Portal,
which allows the operator to redirect the end-user to a configurable URL or
her originally desired URL after successful login. Requires modifications to
existing custom portals.
Fix bug where large uploads to the web admin console (e.g., a backup
restore) could cause the disk to overflow when there was actually more space
Fix bug with CHKM message format in Galaxy PMS interface.
Add the ability to enforce Quota Triggers on RADIUS and LDAP authenticated
users over a configurable window of time. Also allow the time window to be
configured for normal User accounts instead of enforcing the Quota Trigger
over the entire period of time since the User last recharged.
Fix bug in PF Queue Logs instrumentation causing certain queues/users to
be ignored (byte consumption not recorded).
Fix rare portal exception: “NoMethodError cannot parse Cookie header:
undefined method `size’ for nil:NilClass”
Increase interrupt storm threshold limits on faster hardware.
Fix bug causing “invalid byte sequence for encoding “UTF8″: 0xedbf94” errors.
Add a “login” string to the Queue Logs archive and instrument scaffolds,
which is useful for reporting on per-end-user quota (byte/packet)
consumption for non-User sessions (e.g., RADIUS).
Add the ability to upgrade an FUSION’s operating system via the web admin console.
Fix bug with LDAP/AD authentication.
Fix bug causing certain manual pages not to load.
Better protection against memory leaks in defective custom portals.
Fix bug causing more local routine backup files to be kept than what was
Improve reliability of the database purger.
PPPoE reliability enhancements for certain ISPs.
Add the ability to whitelist specific rule IDs (SIDs) in a Remote DPI
Signature. Allows the operator to fine-tune the set of rules provided by the
remote signatures, choosing to ignore certain alerts without having to
exclude an entire category.
Upgrade web server application framework to Ruby on Rails 3.2.8.
Add Bandwidth Queue tree summary graph that visually represents the FUSION’s
bandwidth shaping hierarchy as configured in the Policies->Traffic Shaping
page of the web admin console.
Fix bug where a Merchant Transaction’s full response dump displayed when
clicking “Show” was no longer human readable.Improve visual layout of the Merchant and RADIUS response parameters in
their respective “Show” views.

Remove the Archives->Portal->Merchant Transactions view from the web admin
console as it was a duplicate of the Merchant Transactions scaffold under

Fix issue where a cluster node’s license could be temporarily disabled under
rare circumstances when the node cannot communicate with the controller due
to database connection timeout.
Fix broken Subnets Filters under certain conditions and configurations.
Fix charging a User when creating an A/R Transaction credit.
During RADIUS server authentication, try interpreting the User-Name
attribute as a MAC address and look for a User with a matching login that is
also a MAC address. MAC addresses are normalized before comparison such that
the format in the RADIUS packet and User database do not have to be the
Upgrade web server application framework to Ruby on Rails 3.2.7.
A Bandwidth Queue’s speed now affects how an Uplink’s bandwidth is shared
when the link is saturated and users cannot achieve their peak speed.
End-users in a Policy with a faster Bandwidth Queue are allowed to use more
of the Uplink than users behind a slower queue. This enables the operator to
ensure policies and/or groups for a higher level of service are allocated a
larger portion of an Uplink’s bandwidth during heavy-usage times.
Optimize bandwidth queueing code when used with a slow, highly-asynchronous
uplink (e.g., DSL).
Fix bug causing incorrect remote backup files to be purged.
Add authorization code to transactions scaffolds list.
Fix bug where global search feature sometimes returned the wrong active Group.
Fix issues with broken content filtering under FreeBSD 8.3.
Improve SNMP server performance under FreeBSD 8.3.
Fix bug causing certain browsers to not correctly validate required
fields of User and other record types when created or updated.
Add hierarchal bandwidth shaping feature, where the operator may configure
caps on a Policy and/or Group’s available bandwidth in addition to per-IP
Fix bug causing certain WISPr clients not to function properly.
Fix bug with custom portal upgrade script causing some portals to have a
syntax error after upgrade.
Add support for First Data as a offsite Merchant gateway.
Add Shared Credential Groups table and start/expires columns as valid Database
Purger options.
Add the ability to configure a PEM certificate for a Merchant.
Expose PMS Guest arrival and departure date columns as Database Purger options.
Fix bug that prevented a user from entering user.logout or in their
browser to logout.
Fix bug where an end-user’s connection states were not flushed when a Trigger
created a Transient Group Membership for her IP.
Add SIP proxy service.
Fix intermittent “reservation not found” issue with Comtrol UHLL PMS interface.
Add remote DPI signatures functionality, allowing the operator to configure
the FUSION to periodically download snort rulesets from a compatible hosting
service (e.g., and utilize them in a DPI Trigger.
Fix bug where the operator’s browser would sometimes annoying scroll to the
bottom of the web admin console after loading a page.
Automatically create a new NAT record with an empty Uplinks
configuration when creating a new Network Address for a public LAN.
Try to guarantee remote accessibility to an FUSION by always configuring the
primary, static Uplink, and SSH and DNS servers before anything else, in the
event the FUSION software fails during a reboot.
Fix broken Packet Dumps “Show Packets” feature.
Documentation additions for RESTful API.
Upgrade web server application framework to Ruby on Rails 3.2.6.
Add the ability to report on PF Queues instruments (realtime speed) and
archives (quota/transferred) by Group for group-specific queues (i.e., a
Bandwidth Queue with a sharing shaping option set to “Group” or “IP”).
Enables the operator to report on byte/packet utilization by Group in
addition to Policy, User, etc.
Replace the Bandwidth Queue per-user checkbox option with the ability to
configure how a queue configuration is provisioned and shared. Available
options are “IP”, “Group”, and “Policy”.”IP” defines a unique queue for each IP (session). This is the same as the
old “per-user” behavior.

“Group” specifies a unique queue for each Group + Policy, where each group
is provisioned its own queue.

“Policy” specifies a unique queue for each Policy, where multiple groups
having the same policy share the queue, but every policy has its own queue.
This is the same as the old aggregate behavior (“per-user” unchecked).

Support anonymous IPsec pre-shared-key authentication.
Addition of a new HTML Injection recipe: ad element overlay.This recipe will overlay a div element on top of standard IAB ad sizes
defined in the Universal Ad Package (UAP) Profile. The div element will
take up the full size of the ad. There is a 5 second delay before the ad
overlays become visible. Sizes are as follows:

320×250 : Medium Rectangle, 180×150 : Rectangle, 160×600 : Skyscraper,
728×90 : Leaderboard.

The content in the HTML injection needs to be able to self-adjust to the
size of the ad being overlayed. Optionally, the rotator service can be
used to pull content that is size specific for the ad being overlayed.

In order to use the rotator service, there needs to be a rotator setup for
each standard ad size. The name of the URNs for the rotators should be:
320×250, 180×150, 160×600, 728×90. If a URN is missing for an ad size, an
error will be displayed in the ad frame. In addition to the rotator config,
the following code needs to be placed in to the HTML Injection:

<script type=’text/javascript’>

Override the default CSS for the overlay element by adding the following to
the CSS in the configuration for the HTML Injection:

#rxg_var_injected_floating_overlay {
/* Custom CSS here… */

By default a close button is shown on the overlayed content. To remove the
close button, add the following to the CSS in the HTML Injection:

#rxg_var_red_sphere {
display: none;

Upgrade web server application framework to Ruby on Rails 3.2.4.
Upgrade base OS to FreeBSD 8.3.
Move display of regular-expression-based URL rewriting GUI to the
interstitial redirection view.
Improve floating overlay injection recipe. Remove background-image from
div elements. Simplify the HTML. The position option in the configuration
now properly positions the floating element using the following:top => top, right
left => top, left
bottom => bottom, left
right => bottom, right

Override the default CSS for the floating element by adding the following to
the CSS in the configuration for the injection:

#rxg_var_injected_floating_overlay {
/* Custom CSS here… */

Improve virtual frames injection recipe. No longer insert banner into
windows/frames that are smaller than 640×480. This prevents the injection
from covering content within little frames/windows that are inside another
page.No longer require SSL for the rotator controller.
Fix rare fatal backend error: “avoid illegal attempt to update using time
… (minimum one second step)”
Fix “ArgumentError (invalid byte sequence in UTF-8)” errors when the portal
redirects a desired URL containing incorrectly-escaped characters.Fix “Encoding::CompatibilityError incompatible character encodings: UTF-8 and
ASCII-8BIT” errors when a portal end-user enters an invalid RADIUS username
containing non-ASCII characters (e.g., UTF-8).
Add new IPsec Entries (connections/tunnels) instrument scaffold to the
Instruments/Routes page of the web admin console.
Create a health notice when a change to an Address invalidates a DHCP Pool.Tweak Health Notices scaffold list UI.
Validate that an Admin’s password isn’t too weak.
Require that an Uplink have two Ping Targets configured before using it in a
Link Control Policy.
Improve DNS Server, Ping Target, and Uplink validation.
Automatically create a Ping Target when configuring a DNS Server or an
Uplink with a static gateway. The new Ping Target is not initialy associated
with any Uplink(s).
Fix bug where some firewire devices were detected as viable physical interfaces.
Change scaffold actions to return all record attributes when accessed via
the XML API.
Database / web admin console performance tweaks. Fix issue where sometimes
deleting a DHCP Pool could timeout.
Fix rare error when accessing the instruments dashboard of the web admin
console immediately after deleting a DHCP Pool.
Add the ability to automatically create a DHCP Pool when creating a LAN
Address. Pool is initially set to the entire available range. Default the
DHCP Pool create form with a range corresponding to the last created Address
(if one doesn’t already exists).
Detect DHCP DOS attacks.
Create a health notice when a device interrupt storm is detected.
Improve quota/queue archives and reporting. Add support for byte/packet
counter instrumentation and archiving for things other than users and login
sessions (e.g., policies, uplinks, ips, macs).Rename the Archives/Quota menu to Archives/Queues in the web admin console.
Add the ability to search on specific fields and date/time ranges for larger
scaffolds to facilitate reporting. Affects scaffolds that fall under the
Identities, Billing, and Archives pages of the web admin console.
Don’t create health notices for “ping failed to bind to address…” errors.
Add the ability to flush all packet filter states for a given IP by clicking
“flush” on a row in the States scaffold having the desired “Src IP”.
Ignore Apple and Microsoft connection-test URLs during HTML payload rewriting.
Increase security of randomly-generated passwords.
Fix bug causing multiple Help links to appear above the Health Notices scaffold.
Restore missing “HELP” link next to each Health Notice.
Fix issue where the web admin console could fail in production mode if a
custom portal’s Sass stylesheet contained invalid CSS. Create a Health
Notice when an error is detected during web server asset precompilation.
Support entering in the URL of a users browser as a valid method for
logout. This requires that be configured as a Network Address.
Avoid captive portal exceptions of the form: “undefined method `model_name’
for NilClass:Class” when calling fields_for on SecretQuestion and
SecretAnswer objects.
Fix bug where the date/time field could be lost when editing an existing
record via scaffold (e.g., a Shared Credential Group’s expiration time).Default a new Shared Credential Group’s lifetime to one week starting from the
current day, and enhance the scaffold UI.
Fix error when trying to create a RADIUS Server Attribute before a RADIUS
Server Realm.
Resolve issues where HTTP upload queueing and link control were not always
correctly enforced when an HTML Payload Rewrite was configured.
No longer flush all connection states when a configuration change is made.
States may need to be flushed manually for existing connections to
immediately adhere to new policy changes. Resolves issues where the web
admin console could time-out, and/or an end-user’s persistent connection
with a remote host could be cut after making certain configuration changes.
Users UI scaffold enhancements.
Add global search feature to the web admin console.
Minor database performance optimization and deadlock prevention.
Randomly generate div tag ids and other variable names within the code that
is utilized by the HTML injection feature.
Fix bug causing cached DNS lookups to fail when a primary uplink goes
Ping Targets configured without Uplinks are now pinged from all available
uplinks instead of just the primary. Fixes bug where a Ping Target could be
temporarily marked as down when the primary uplink goes down.
Fix bug where Uplinks / Ping Targets would get marked down when not actually
down on systems with slower CPUs.
Fix bug where multiple Zoom buttons could appear at the top of a
configuration scaffold.
Add the ability to configure Admin Roles with fine-grain control over the
scaffolds an Admin is permitted to access. This allows the operator to
restrict an Admin to only one or more scaffolds (e.g., a support Admin
account with access to only the Users configuration scaffold).
Upgrade web server application framework to Ruby on Rails 3.2.3.
Fix bug in the default portal where new user signup could return back to the
index/previous view when there was an error with form submission.
Fix bug where the captive portal’s post-login behavior was incorrect when a
remote Splash Portal and local Landing Portal, or vice-versa, was configured.Support %render_…% variables in addition to %redirect_…% variables in
portal remote URL configurations.
Fix rare memory leak in the web admin console.
Avoid captive portal exceptions of the form: “undefined method `model_name’
for NilClass:Class” when calling form_for on User and PaymentMethod objects.
Add captive portal feature that logs-out an end-user’s session when she
surfs to “user.logout” (or a similar domain ending in “.logout”). Requires
the end-user to be using the FUSION’s built-in DNS server, which must have a
DNS zone and record configured for “user.logout” (or similar record) that
resolves to the FUSION’s IP.Automatically create a “.logout” zone and “user.logout” record by default.
Try to avoid portal exception: “ActiveRecord::RecordNotFound: Couldn’t find User with id=…”
caused by portal login race conditions.
Splash Portal whitelists now permit UDP traffic in addition to TCP.
Fix bug where configuring certain flag/boolean DHCP options (e.g.,
router-discovery) caused a fatal DHCP server error.
Fix bug where upload queueing was broken for a Policy having a WAN
Target-specific Bandwidth Queue and Web Cache enabled.
Fix portal exception: undefined method `model_name’ for NilClass:Class
when hitting the payment_method_edit action from a User without an
existing Payment Method.
PMS Server support for the Innsist SOAP interface.
Change portal failure Health Notices to be more user-friendly.
Don’t search on the encrypted columns for users, tokens, payment methods and
Support for ElevenEdge PMS XML API.
Fix bug causing portal error:
“ActionView::Template::Error: undefined method `model_name’ for NilClass:Class”
Database performance tweaks.
Tweak CPU temperature warning limits.
Fix bug that allowed users to login sooner than they should when using the
shared credential login method.
Prevent creation of a Database Purger with an invalid timestamp column for
the selected table(s).
Add RAID status monitoring for ciss0 and ar0 devices.
Add checkbox to the Web Cache Servers scaffold to configure the web cache
service to operate in a cacheless, proxy-only mode.
Add burstable Bandwidth Queue feature, where a burst speed may be configured
to provide an end-user with a higher transfer rate than normal for a
configurable period of time at the start of every new data transfer
Fix memory utilization issues when downloading many records via scaffold export.
Add ability for the operator to manually create static VLAN Tag Assignments
that never expire.
PMS Server support for the Galaxy Generic 2-Way HSIA Interface.
Add FUSION build revision to backup file names.
Omit HTML payload rewriting from sites tagged with RANGE-REQUEST. Fixes
issue where mobile devices failed to play videos from many sites when
rewriting was enabled.
Add operator-definable site-local DHCP server options feature.
Various changes to make integration with ElevenOS more seamless.Add ability to send client VLAN in NAS-Port RADIUS attribute.

Make sure client MAC address is sent as Calling-Station-Id as part of SOAP
API if configured to be sent in the web admin console.

Wait for user to be fully logged in before sending login success in SOAP API.

Various SOAP API improvements.

Upgrade web server application framework to Ruby on Rails 3.2.2 and Ruby 1.9.3.Significant memory utilization and performance improvements.

Utilize asset pipeline framework for improved captive portal and web admin
console performance.

Fix Internet Explorer 9 compatibility issues with configuration scaffolds.

Improve date/time selection popup in configuration scaffolds.

Increase development mode performance.

Various web admin console UI enhancements and fixes.

Captive portal customization enhancements:
Support ERB stylesheet and JavaScript files.
Support Sassy CSS (SASS/SCSS).
Support CoffeeScript.
Support multiple stylesheets.
Add various helper methods for easily linking assets.
Fewer changes necessary after copying and renaming a custom portal.

Requires modifications to existing custom portals, which an upgrade will
attempt to perform automatically.

Improve WAN DHCP client behavior.
Fix exception when viewing the sms view of the default captive portal.
Fix bug that sometimes caused a Login Session or Login Session Log to have a
negative byte and/or packet counter.
Fix exceptions in the captive portal when using the number_to_human_size and
other similar rails helpers with a non-english locale.
Fix bug where the first access to the web admin console could hang for up to
a minute if an NTP server was not reachable.
Fix bug causing an exception when attempting to render the pms guest
profile view.
Fix bug causing a user to be created and left on the system in the event
of a duplicate PMS transaction being detected.
Eliminate health notice due to an exception in the RADIUS send packet
function and increase its reliability.
Link the build revision at the bottom of the web admin console to the
release notes page of the manual.
Fix broken “Delete All” tokens button feature.
Fix bug where the Daily Web Proxy Requests Report did not correctly adhere
to an Admin’s “archives” role permission.
Group UI improvements:In all Group scaffolds, move the Policy option to be immediately after the
Precedence option instead of at the very end after the membership option(s).

Add “Membership” sub-form elements to the MAC Group and IP Group create/edit

Ignore guest check-in messages received from a PMS Server that contain a
blank name AND ID number. Fixes issue where useless PMS Guest records end up
in the FUSION’s guest database when the PMS interface is misconfigured.
Store relevant payment method parmeters in the User record when using the
quick_purchase form of signup and payment in the captive portal.
Add the ability to configure HTML Replacement regular expression modifiers.
Fix rare exception during a quick purchase charge when the UsagePlan being
purchased has automatic login enabled.
Fix rare exception when the PMS Guest database contains a guest with a blank
Fix rare exception within the defaults creation routine during an upgrade when
one or more IPsec Specification records exist without an IPsec Server option
(i.e., the operator deleted the default IPsec Server).
Include WISPr XML block in the default portal’s layout to better accommodate
non-standard WISPr clients that choose to ignore the login information
parameters presented along with the initial captive portal redirect (HTTP
status 302).
Add “twice-daily” (every 12 hours) as an available Usage Plan recurring
interval setting.
Change the JavaScript used in the default portal’s slide show to be
compatible with IE9.
Tweak memory footprint of the web server.
Add the ability to configure a Token’s usage expiration time to be
dynamically set relative to the first login event, which supersedes the
configured expiration timestamp or “no expiration” setting. This allows the
operator to create a batch of Tokens with a finite and absolute shelf-life
that also changes for an individual Token upon its first use.Improve usability of the Tokens scaffold UI.
Add a new global Network Option to disable prioritization of TCP ACKs and
packets with a TOS of lowdelay. Previously this was always enabled without
configurability and is still enabled by default. Disabling fixes issue where
packets with a non-standard TOS value may be queued incorrectly.
Fix bug where Tokens were considered for lock MAC purposes, causing an
exception when an end-user having a User account with a locked MAC address
tried to login via a Token credential.
Fix rare bug where sometimes routing was not immediately enabled after
installing a new license key.
Fix bug resulting in “execute on disconnected handle” errors after some
Fix rare bug where traffic statistics instrumentation for graphing purposes
could be temporarily disabled when a new license key is installed on an FUSION
shortly after generation of the license.
Fix bug where changing a User’s Group does not always affect her
existing session’s policy-enforcement behavior without having to
logout and login again.
Various bug fixes and improvements to the Policies summary graph.
Improve operator experience when restarting the web server.
Update rails gems (third-party dependencies), including web server.
Don’t issue health notices for DNS Pools with a maximum of one lease.
Tweak DNS Zone and DNS Record scaffold defaults.
Gracefully redirect a browser to an HTTPS (SSL) URL of the admin console or
captive portal if an HTTP (non-SSL) connection is attempted, instead of
outright blocking the connection.
Reduce memory footprint of the web server.
Add support for multilingual Custom Portals via the Rails
Internationalization (I18n) API.Custom localization files may now exist within a portal’s “locales”
directory and may be utilized to provide translations for strings throughout
a portal. Entire layouts and views may also be customized based upon locale.

I18n.locale is now automatically set to the end-user’s browser preference
and may be changed by including the “locale” parameter with a link. Missing
translations fallback to the english default when in production mode.

Add an initial english locale file and some examples to the default portal.

Fix for “undefined method `model_name’ for NilClass:Class” error in the
user_info view of the captive portal.
Fix bug where SOAP API requests to port 448 were being blocked.
Permit posting charges to a PMS server for a zero amount when the guest’s
folio has the “no post” flag set.
Make sure files copied via an SMB share are writable by other admins.
Permit configuring a DHCP Pool containing a single IP by specifying the same
start and end address.
Fix reliability issue with VPN connections terminated at the FUSION appliance.
Fix fatal exception when logging in with an administrator that does not have
read permissions on archives.
Fix some issues with captive portal redirection when a client’s browser
requests a MIME type resulting in a format unknown to rails.
Fix fatal exception in the captive portal while trying to render a view when
an offsite Landing Portal is configured.
Automatically forward packets destined for port 448 on the FUSION to port 80,
which is necessary to support XML SOAP API requests from Eleven Wireless
When a configuration record is marked “active” or “default”, and another
active/default record already exists, automatically unset/de-activate the
other record instead of displaying a validation error. Allows the operator
to mark a configuration record the active/default for a given scaffold
without first having to modify the existing active/default record. Also
applies to configuring which Network, System, or Accounting Graph is
displayed on the Instruments dashboard.
Add an archives permission option to Admin Roles configuration and split up
permission assignment between archives and instruments accordingly, instead
of the instruments permission setting covering both.Fix bug where the Policy and Network summary diagrams, Quota Summary
report, and Web Proxy report ignored an Admin’s role permissions.
Add the ability to configure a “primary” Network Address for a particular
Interface or VLAN, thereby dictating the “first” IP to be configured on the
corresponding network adapter. For the case of an Uplink, this affects what
IP should be used to access the FUSION and which IP(s) are used as a NAT and/or
BiNat pool. Previously this behavior was determined by the order in which
Network Addresses were created via the configuration scaffold.
Fix bug causing an FUSION to become inaccessible after adding many Network
Addresses associated with a single Uplink.
Fix fatal exception in the captive portal when a User attempts to purchase a
Usage Plan without an existing Payment Method.
Fix minor bugs and layout issues with the quick_purchase template in the
default captive portal.
Fix bug causing DHCP Fixed Hosts to not work properly when configured
inside an autoincrement network having no associated DHCP Pools.
Add an SMB file share feature, providing operators with an alternative to
SSH for accessing and updating various files on the FUSION filesystem via the
SMB 2 protocol. Most importantly, this provides a simpler, although
less-secure, way of uploading changes to Custom Portals.The following named shares are available:

admin login – the admin’s home directory

“backups” – routine backups (read only)

“logs” – raw log files (read only)

“portals” – custom portals (read/write)

“tftp” – TFTP boot directory (read/write)

e.g., \\rxg.local\portals, smb://rxg.local/portals, \\rxg.local\ncr

The SMB service is disabled and blocked by default. SMB access may be
enabled for select admins via an “SMB” checkbox in the Admin Roles scaffold,
similar to allowing SSH. A new SMB Servers scaffold has been added to the
System->Admins page of the web admin console, where specific hosts must be
explicitly given access to the SMB service by configuring a new record with
the appropriate Policies and/or WAN Targets.

Existing Admins must also update their passwords for SMB access to function.

Change the default portal layouts title attributes to read the controller
name of the Custom Portal (i.e., @portal_name.titleize) instead of a static
“Default Portal” or “Default Mobile Portal”.
Fix bug where the web server could not be restarted in “development” mode
after some upgrades.
Add a “Policy mode” option to Port Forwarding scaffolds, where the operator
is able to configure how forwarding behaves when a Policy has more than one
member (a Group with more than one active IP address).Available options are:

first – Only the first member of a Policy has the forwarding applied.

round-robin – Forwarding is performed by load balancing in a round-robin
fashion, which was the old default behavior.

autoincrement – The destination port of the configured Address is
incremented by one for each member of the Policy and used to filter against
a packet’s destination port. This allows for simple configuration of a
forward that redirects packets to multiple LAN devices behind an rXg, to a
single port on the LAN device, where the target LAN device depends upon the
packet’s original destination port. e.g., configuring port forwards for
managing many WLAN APs behind a FUSION.

Tweak the amount of disk space utilized by traffic graphing statistics to
improve cluster controller performance at large deployments.
Support a single FUSION Forward or Transit Traffic Forward record with an
Application having more than one desination port or range of ports.
Duplicate some of the Identities->Definitions scaffolds throughout the admin
console. Insert an Applications scaffold in the Packet Filters and Packet
Forwards Policy pages. Insert Content Filter Lists and Remote Content Filter
Lists scaffolds in the Content Filtering Policy page. Insert a DPI
Signatures scaffold in the Event Triggers Policy page.
Fix display issue where the FUSION and Transit Traffic Forward scaffolds
contained an unconfigurable “Direction” field.
Allow the operator to configure the exact time and/or date that a Routine
Backup is executed, instead of always being relative to when the
configuration was first made.
Add a “Now” link to a Routine Backups record that immediately triggers a
backup (to the remote servers and locally). Useful for verifying a Backup
Server’s configuration after making changes.
Usability tweaks to the sizes of textarea fields throughout the admin
Prevent upgrading to a new software build that exceeds the maximum build an
FUSION is currently licensed for.
Fix bug that broke uploading a Routine Backup to a Backup Server via FTP
when the remote path was blank.
Fix bug that sometimes broke searching for a Policy by IP address on the
policies summary graph page of the admin console.
Increase default size of ‘note’ field in the admin console.
Permit creation of a DNS Server record without an Uplink association.
Add a “static port” configurability checkbox to the NATs scaffold, which
allows the operator to change the behavior from symmetric NAT to cone
NAT, where a packet’s source port is never modified during translation.
Update MAC address vendor lookup table with latest IEEE OUI listing.
Add a “blanket block” mode to the content filtering feature that allows the
operator to block the end-user from all sites except those configured in a
whitelist. Also allow the page the end-user is redirected to upon denial to
be configured to a captive portal action other than the “content_filter”
Fix bug that broke content filtering whitelists when configuring more than
one WAN Target per Content Filter Policy.
Fix bug causing an exception when trying to create an IP Group without an
initial name and IP member(s).
Change default Device Option backend timing from 500ms to 2500ms when
installed on hardware having an Intel Atom processor.
Fix bug that prevented administrator SSH access.
Release USB memory stick installer as an alternative to CDROM.
Fix bug that prevented PMS authentication.
Fix bug where updating a record’s note field via a nested scaffold did not
take effect (e.g., updating a MAC’s note through the MAC Groups scaffold).
Fix minor aesthetic issue with the very bottom of the web admin console.
Include support for the “music preference” field (DFID 321) in the Comtrol
UHLL PMS interface, and map it to the custom0 field of a PMS Guest.
Add the ability to configure the property, controller, store, cashier, and
terminal identifiers of a PMS Server interface. Currently used by only the
Agilysys LMS interface.
When an end-user guest inputs a room number to the portal, don’t remove
non-leading/trailing whitespace before authenticating it with the PMS
Server. Strip only leading and trailing whitespace.
Add the ability to lock a MAC address to a User, preventing the end-user
from creating another User through the same device. Adds a configurable
checkbox to the Users and Usage Plans scaffolds.May require modification of existing Custom Portal controllers to function
Increase a LandingPortal’s maximum allowed session duration from 24 hours to
31 days.
Avoid rare database exception.
Permit configuring a PMS Guest Match to have equal minimum and maximum
transactions, allowing the operator to match just a single transaction.
Database performance optimizations and deadlock prevention.
Add unix admin accounts to the wheel group to allow root access without
prior needing to become the rgnets user.
Add a release changelog to the manual, dating back to build 4.745/FreeBSD 8.2.
Support for Comtrol UHLL specification compliant PMS interfaces.Various PMS interface enhancements.
Fix backend bill_users daemon exception when billing a User:
bill_users – error billing user: ActiveRecord::RecordInvalid: Validation failed: Time must be less than or equal to 525949.Likely caused by a UsagePlan that is set to rollover a User’s
usage_minutes, and the rollover code tried to set her usage_minutes
past the validation maximum (one year).
Fix actionwebserivce (soap API) “wsdl” action.Fix routing for /SOAP mapping to /soap.
Fix issue where sometimes web server doesn’t restart in production or
development mode correctly when the mode is toggled via System->Portals view.
Validate presence of first_name and last_name in User model, such
that corresponding field labels in the scaffold create form are
automatically bolded. Note that fields were already required
implicitly by validating the length.
Now that datetime columns in scaffold create forms default as
blank/nil (until datepicker icon is clicked), validate that a User,
Token, or UsagePlan’s absolute usage_expiration is left blank if
unlimited/never is checked. Previously, if unlimited/never was
checked, the datetime value was automatically set to nil, because
there was no way for the operator to configure a nil value via the
set of date/time select fields. This prevents the operator from
incorrectly changing a datetime configuration from unlimited/never
to an absolute value, when unlimited/never is still set.
Enabled batch update of coupon expiration, now that the calendar_date_select
form is compatible with batch_update.
Add javascript datepicker for all scaffold datetime form columns, instead of
multiple select fields.
Make html_injections.css column type “text” instead of “string”, thereby
making the corresponding scaffold form element a textarea instead of a textbox.
Wait longer for rails web server instance to load to support slow hardware.
In RedirectorController, ignore (bailout from) requests with a
format other than “html” such that the requesting client doesn’t
hit PortalController with a non-html format, sometimes resulting
in a MissingTemplate exception. Also likely increases portal performance.
Rename the CGI parameter that is read to override the rendering
format of PortalController from :format to :rails_format. e.g., to
force :mobile format, now append ?rails_format=mobile instead of
?format=mobile to the URL, and similarly for html.Necessary because “format” was too simple, and some URLs that were
redirected to the captive portal included the “format” parameter,
which caused PortalController#set_format_from_params_or_session to
change request.format to something nonsensical. this sometimes
caused ActionView::MissingTemplate exceptions (e.g., upon the index
view, because only index.html.erb and existed, and
not the other bogus/unknown format).
Fix payment_methods scaffold cc_expiration_year_form_column helper. Resolves
issue where a new PaymentMethod could not be created post rails3.
Add scaffold batch update feature.Currently implemented for only the following scaffolds:
users, tokens, coupons, and all group variants

For each scaffold, specify a set of columns for bulk_update that
is a subset of the usual update form columns and that the operator
will likely want to bulk change.

Only singular associations are batch update-able
(e.g., a User’s UsagePlan but not her user_groups).

Require a SharedCredentialGroup to have a credential
Add batch select and destroy feature to all scaffolds (having update ability)
Fix bug causing interstitial redirection to fail when the target
URL did not contain a ‘/’ character.
Fix bug causing the uplink_assignments scaffold to not have an inline
link to the related Uplink scaffold.Fix issues with WeightedUplink/UplinkAssignment
allocation algorithm. consider that a single end-user IP should be
assigned different uplinks if her Policy is related to a WeightedUplink
that is Application/WanTarget specific and contains only a single Uplink,
and another more-general Policy that includes said Uplink plus many
more uplinks (i.e., count a unique IP+Application(s)+WanTarget(s)
combination as a weight instead of just IP).
Modify credit adjustment of plans in quick_purchase_charge to allow
for % adjustments of the price for the selected usage plan.
Fix bug with display of quick_purchase view. Add ability to pass credit
parameter in quick purchase form. Allows for custom portal modifications
to modify the price of a plan on the fly (e.g. for promotional codes).
Remove AdminRole#forward_root_emails column and associated
configurability (“OS emails” checkbox).The “root” mail alias no longer exists (i.e., FUSION Admins will no longer
receive emails sent to the root unix user). this is to prevent FUSION Admins
from receiving postmaster emails, security run output, and other stuff that
gets sent to root and has been deemed useless and/or confusing for the FUSION

Add an “admin” email alias (in /etc/mail/aliases). FUSION Admins belonging to
an AdminRole that is associated with a CustomEmail for the
“health_notice_create” event will be a part of this alias.

Change root’s cron configuration to email output to the local “admin” user
(i.e., Admins alias) instead of the root user. this ensures that check_rxgd
output is still emailed to FUSION Admins that should know about it (i.e.,
receive HealthNotice creation notifications).

Change admin_roles scaffold create/update forms to use the record_select
form UI type for custom_emails, instead of the massive list of checkboxes
which is mostly unusable.

Change admin_roles scaffold’s custom_emails list column to display number of
“notification” emails and “user” emails (those having send_to_user set).

Ignore HealthNotice with “IP has already been taken” validation error from
within backend ruby daemons (e.g., race condition between backend and
frontend automatic login).
When matching end-user input against a PmsGuest’s name, check if the input
name contains the stored name. fixes issue with authenticating Hilton
interface guests when a long last name is sent as truncated from the PMS.
Change sendmail queue timeout from 5 days to 1 day.
change PmsGuest#stay_duration_days to return 30 when the PmsGuest lacks
arrival and departure dates. fixes issue where hilton interface guests cannot
see plans set for more than 1 day.
Default portal login view for mobile format should not have a picture in it.
Support the Hilton OnQ PMS interface.
Fix bug with RADIUS group selection when read group from class is selected,
but no class attribute is returned from the RADIUS server.
Fix exception in rxgd when a DHCP Relay Server is configured.
Webcache socket watchdog: restart squid if it doesn’t accept a socket connect.
Fix upload queueing under a Ppp Uplink (i.e., PPPoE). ALTQ interface
specification must be the tunnel interface and not the physical parent
Update LoginSession byte and packet counters every minute instead of only
when packet filter configuration is reloaded.
Change default unit in quota_plans scaffold create form from ‘MB’ to ‘GB’.
Change PMS Guest Matches to use a regular expression instead of an
exact match.
Fix bug in default portal quick_purchase view that didn’t list plans if only
one plan existed.
Increase web server performance on hardware with fewer CPU cores.
Upgrade web server application framework to Ruby on Rails 3.0.9.
Improve HTML Injection behavior, making the resulting injections more reliable and consistent.
Fix bug where we were ignoring a LoginSession’s radius_class_attribute set
by a RadiusRealm intending to map the LoginSession to a RadiusGroup other
than the one related to the RadiusRealm.
Make DHCP client (for WAN) much more aggressive in trying to acquire an IP
address. Attempt to alleviate support issues that arise because people say
that the DHCP client is not working and then do repeated soft or some times
hard reboots.
Fix bug where SslKeyChain (“Certificate Chain”) scaffold Expiration
column did not display number of months till expiration, only years
and days.
Support Agilysys LMS as a PMS interface.
Fix LoginSession timeout due to Interim-Update-Timeout.
Timeout “stale” RadiusServer login_sessions (i.e., try to automatically
destroy sessions on an FUSION RADIUS server that we haven’t received
an accounting Stop for).The timeout interval is currently implicitly configured by the
presence of an ‘Acct-Interim-Interval’ RadiusServerAttribute.
sessions are destroyed when we haven’t seen an accounting packet
(i.e., created a RadiusServerAccountingLog with a type of ‘Start’
or ‘Interim-Update’) for the session in the last (2 * Acct-Interim-Interval)

This essentially completes support for interim updates on the server
side, as the last-received Interim-Update will have set the
LoginSession’s usage values to a last-known state, which will be
deducted from the User upon destruction due to timeout.

Add web admin console ACL capability.
Fix bug where radius hook running on a cluster controller was not considering
existing VTAs because they belonged to other cluster nodes.
Comment-out redirect_to_correct_cluster_node before_filter from default
Fix fatal DHCP server configuration bug when more than one DhcpPool was
configured for a autoincrement Vlan. Caused multiple pool definitions for
the same shared-network.
Add the FUSION’s domain name to graph titles.
Change VSAs utilized by the RADIUS NAS upon login to support User quotas of
4GB and larger.
Include byte quota VSAs in RADIUS Server Access-Accept packet, indicative of
a User’s up/down quota respectively, if the User has non-unlimited quota.
Read in RADIUS Realm/NAS logic and apply to the created LoginSession’s max
bytes up and down.Prevents a User from exceeding her byte quota when logging in via
the RADIUS server from an FUSION RADIUS NAS.
In interstitial redirection, don’t ignore a simple domain url lacking
a trailing slash (e.g., instead of continue to ignore any other URLs NOT
ending in a trailing slash.
Prevent configuring a WanTarget with an invalid domain (e.g., ‘’).Remove “” from default WanTarget “Static Redirection Hosts” – doesn’t resolve
Create login_sessions for RADIUS server logins, more specifically,
accounting Starts. The LoginSession’s IP and MAC are derived from the
accounting packet’s Calling-Station-Id and Framed-IP-Address respectively.
hostname is always undefined. all other attributes (e.g., expiration) are
derived from the related User’s usage values.A User’s LoginSession’s byte/packet counters are updated upon
receiving an accounting Interim-Update or Stop.

An accounting Stop logs out (i.e., destroys) the LoginSession, which
deducts usage from the User, exactly like with non-RADIUS configurations.

Destroying a RadiusServer’s LoginSession does NOT notify the RADIUS NAS.

login_sessions for a RADIUS server are distinguishable by the persence of a
relation to a configured RadiusServer record (“RADIUS Server Realm”).

radius_server_accounting_logs are now related to the relevant
LoginSession and/or LoginSessionLog.

Fix searching shared_credential_groups scaffold by a LoginSession’s login.
Remove the legacy “user_charge_fatal_error” CustomEmail event.Stop rescuing billing code with logic that sends a user_charge_fatal_error
email, in favor of using the now more-prevalent HealthNotice
record+notification strategy, which actually contains the exception

Permits detected race conditions in billing code due to form
double-submits (e.g., StaleObjectError exceptions) to be correctly
and silently ignored by PortalController#catch_exceptions and

Fix bug in RADIUS server code where a User’s total byte and packet
counters were being overwritten upon receiving an accounting Stop
instead of being added to. didn’t affect usage quota, just the total
utilization counters.
Acct-Session-Time attribute should be present in Interim-Update packets.
Add interim updates column to radius_realms scaffold list.
RADIUS Realm (NAS) interim accounting support:Add boolean to RadiusRealm that enables sending Interim-Update
accounting packets.

Add optional integer field to RadiusRealm that configures
Acct-Interim-Interval to override that received from RADIUS server.
if unconfigured, interval sent by server is used.

Interim update packets sent out by expire_sessions daemon (when its
time on a per-LoginSession basis).

Add new model/table RadiusInterimEvent to store the time the last
Interim-Update was sent for each LoginSession.

Move vlan_tag_assignments and expired_vlan_tag_assignments scaffolds to the
top of their respective menu pages.
Fix bug where rxgd was overwriting (inadvertently unsetting) a VTA’s
“expired” column when it was “marked to expire prematurely” by the
radius hook. somtimes caused there to be two or more VTAs assigned
to a single MAC address when an end-user switched RadiusServer
policies (i.e., SSIDs).
Wait 15m after marking a VTA to expire prematurely (i.e., when an
end-user switches RadiusServer policies) to prevent immediate
re-assignment to someone else.Don’t completely destroy a “marked to expire” /30 VTA if there is somehow
still a (new) DHCP lease on its VLAN.

Add expired boolean to VTAs scaffold.

Don’t re-assign VTAs that were marked to expire.
Show seconds for start/end/flushed_at columns in dhcp_leases and
expired_dhcp_leases scaffolds.
Dynamic VLAN changes:Set the cluster_node_id of a new VlanTagAssignment to the ClusterNode of the
associatied Vlan record instead of the node running the freeradius hook.
should permit cluster nodes to expire their own VTAs.

If a RadiusServer is configured with more than one Vlan record,
balance-out vlan_tag_assignments between them all, in proportion
to the ratio of the number of existing VTAs to the number of possible
VLAN tags (i.e., select the Vlan with the most free tags or fewest
“oversubscribed” tags).

Change VTA tag selection algorithm when reuse_vlans is NOT set.
instead of always selecting the next available VLAN tag with the
lowest number, select the next available tag that is numerically
after the last assigned tag, rolling over if needed. Circumvents
issues where a VTA that was recently expired prematurely (e.g., due
to an end-user switching RadiusServer policies) is quickly re-assigned
to a new end-user, making things problematic if the original VTA
owner somehow ends up back on the VLAN without us knowing (e.g.,
due to AP hardware caching WLAN client to VLAN ID).

Permit restoring an FUSION that is not licensed.
Increase time it takes for admin menu dropdown to disappear from 500ms to 100ms.
Fix creation of ExpiredDhcpLease when flushing an active lease
Don’t assign a VTA for a /30 VLAN if there is already a DHCP lease
for the /30 client IP, which can happen when an end-user ends up
connected to a VLAN even when there is no VTA for said VLAN tag.
More-sensible scaffold create form defaults for “unit” select drop-downs:bandwidth_queues: Kbps to Mbps
usage_plans: minutes to days
time_plans: minutes to days
tokens: minutes to days, MB to GB
shared_credential_groups: minutes to hours, MB to GB
users: MB to GB
quota_triggers: MB to GB
Create ExpiredDhcpLease record when flushing a DhcpLease before it
was supposed to expire (e.g., via admin console, VTA expiration).
Store the time the lease was flushed (i.e., time DeadDhcpLease was
created) in new “flushed_at” column. add column to scaffold list.
Don’t include BiNat public IPs in the “FUSION” packet filter table.
Fix bug where packet filter configuration was not updated immediately after expiring a
Add missing “note” column in pms_guest_matches table and scaffold.
Prevent configuration of an autoincrement Address/VLAN combination implying a
VLAN ID exceeding 4094
Fix bug where shared credential login allowed one more end-user to
simultaneously login than it should have.
VTA expiration / DHCP lease tweaks:When considering to expire a VTA, in addition to requiring the VTA’s
MAC doesn’t map to an IP according to MacIpMapping logic, also
require that there are no leases for the VTA’s MAC AND its IP (if
/30 VLAN). basically, don’t ever expire a VTA if there is somehow
still a DHCP lease, even if MacIpMapping is misconfigured (i.e.,
doesn’t include ‘dhcp’), or somehow there is a lease for a /30
client IP for a MAC other than that of the VTA.

Similar to above change, when pre-maturely expiring a VTA due to
the end-user switching RadiusServer policies, flush all DHCP leases
for the MAC AND the /30 client IP (if /30 VLAN).

Don’t redundantly flush DHCP leases when expiring a VTA normally, as a VTA
cannot be expired normally with leases present.

When finally deleting a VTA that was “marked to expire” due to a
RadiusServer/Policy switch, don’t flush DHCP leases again, as this could
potentially flush leases that should exist. note that this wasn’t actually
working anyways. implicitly continues to avoid primary key conflict race

Trigger ExpireVlanTagAssignments Task when expire_vlan_tags are
touched, in order to process “marked to expire” VTAs faster.

When destroying a VTA that was marked to expire at a previous time, don’t
re-flush DHCP leases for that MAC, as the client likely already has a
different lease on a different VLAN.When expiring a VTA for a /30 network, always delete any DHCP leases for the
single usable IP on the /30 subnet, in addition to any DHCP leases matching
the holder’s MAC.
Avoid rendering the current action’s view in
PortalController#render_last_action_or_default. fixes rare portal exceptions,
e.g., “NoMethodError: undefined method `sort_by!’ for #<Array:0x80efcef98>”
Go back to sorting dhcp_messages by timestamp instead of record id because
sometimes the id order is not at all representative of the timestamp. Dealing
with lack of precision beyond seconds in timestamp is preferable.
In RADIUS server, when an end-user switches between RadiusServer
policies, instead of expiring the existing VTA immediately, mark
it for rxgd to delete later during the periodic expiration task.
still mark any associated DHCP leases to be flushed immediately.
ensures rxgd flushes the DHCP lease(s) and restarts dhcpd before
the VTA is assigned to someone else. fixes issue where a VTA can
be immediately assigned to another end-user before the previous
end-user’s DHCP lease is flushed, thereby resulting in a “no free
leases” situation.
Add PMS Guest Matches feature.
If PmsGuest arrival and departure are the same, change stay_duration_days to
be 1 instead of 0.
Change PmsServer dd/ct field defaults.
Default routine backup server username to ‘backup’ in create scaffold for
easier config against secondary FUSION.
Don’t configure first and second stage boot loaders (i.e., /boot/boot.config
and /boot/loader.conf) for serial console unless a serial device is present.
package post-install script no longer deals with this (i.e., disable serial
console output on first boot after ISO install). Likely fixes issue where a
system without a serial port would not boot.
Fix bug where the “FUSION” packet filter table (i.e., <FUSION>) included only the
first address of an Uplink having a span greater than 1. fixes issue where
outbound DNS requests from a NATed end-user client to a non-FUSION DNS server
were blocked when the translation IP was not the first uplink address.
Don’t redundantly automatically login a User within PortalController if she
is already “logged in”.
Automatic login configurability in LandingPortal. Fixes issue where there
was no way for the portal to automatically login an end-user to the portal
application (i.e., set session[:user_id]) when the end-user already had an
active LoginSession.”MAC + cookie” is the current behavior.
“MAC” means set session[:user_id] based on finding a User with the client’s
MAC (i.e., ignore lack of cookie).
Remove please wait bypass link from default portal.
Add “lifetime” column to usage_plans scaffold list.Prevent configuring a UsagePlan with a relative lifetime shorter than the
length of the associated TimePlan.
DHCP server enhancements to support thousands of VLANs.
Upgrade to FreeBSD 8.2 and Ruby on Rails 2.3.11.