The Inverse team is pleased to announce the immediate availability of PacketFence 5.5.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.

Here are the changes included in this release:

New Features

New device detection through TCP fingerprinting

New DHCPv6 fingerprinting through Fingerbank

New RADIUS filter engine to return custom attributes based on rules

Security Onion integration

Paypal payment is now supported in the captive portal

Stripe payment and subscriptions are now supported in the captive portal

Enhancements

New pfqueue service based on Redis to manage asynchronous tasks

Memcached has been replaced by Redis for all caching

pfdetect can now be configured through the administration interface

Added ability to detect hostname changes using the information in the DHCP packets

Added the ability to create not equal conditions in LDAP sources

DoS mitigation on the captive portal through mod_evasive

Load balancing in an active/active process now uses a dedicated process

Authentication and accounting are now in two different RADIUS processes

Reworked violation triggers creation in the administration interface so it is more user friendly

Added the ability to create combined violation triggers which allow to trigger a violation based off multiple attributes of a node

Suricata alerts can now trigger a violation based on the alert category or description instead of only the ID of the alert

Added ability to e-mail device owner as a violation action

The PacketFence syslog parser (pfdetect) has been reworked to allow multiple logs to be parsed concurrently

New ntlm_auth wrapper will log authentication latency to StatsD automatically

Handle Microsoft Windows based captive-portal detection mechanisms

Manage pfdhcplistener status with keepalived and run pfdhcplistener on all cluster members

New portal profile filter (sub connection type)

Added switch IP and description in the available columns in the node list view

Use SNMP to determine the ifIndex based on the NAS-Port-Id

Improved metrics now track SQL queries, LDAP queries, and more granular metrics in RADIUS AAA

Added support for Nessus 6 scan engine

Added documentation for the Cisco iOS XE switches

Reworked existing billing providers to be PCI compliant

Billing providers are now part of the authentication sources

Billing tiers are now stored in the configuration instead of the source code files

Billing sources can now be used with other authentication sources on the same portal profile

DHCP packet processing is now fully done asynchronously to allow more PPS in the pfdhcplistener

Bug Fixes (bug Id is denoted with #id)

Fixed log rotation issue with the carbon daemons

Fixed LLDP phone detection if only telephone capability is enabled (#964)

Fixed keepalived and iptables configuration for portal interfaces

Fixed improper httpd status code being set

Removed the node delete button

Fixed detection if the device asks for a portal per URI

Fixed 3Com switches ifIndex calculation in stack mode using SNMP

Not-found users will now be cached when using the caching in an LDAP source (#978)

Updating a node puts an invalid entry in the voip field

See the complete list of changes and the UPGRADE.asciidoc file for notes about upgrading.