Kerio Control Release History — Older Releases

(formerly Kerio WinRoute Firewall)

View the most recent releases...

Legend:
+ Added feature
* Improved/changed feature
- Bug fixed
! Known issue / missing feature

Version 7.2.2 Patch 4 - February 14, 2012

* Kerio Web Filter server URL changed

Version 7.2.2 - December 6, 2011

- Fixed: stability issue in Active Directory users mapping
- Fixed: stability issue in MAC filter
* VPN Client: Ubuntu 11.10 added to the list of supported operating systems

Version 7.2.1 - October 25, 2011

+ Added possibility to specify HTTP and FTP rules in Bandwidth Management rules
- Fixed: stability issue in proxy server debug logging
- Fixed: connection age longer than 1 day is now correctly displayed
- Fixed: minor stability issue in administration interface
* Dropped support of Mac OS 10.4

Version 7.2.0 - August 30, 2011

+ Bandwidth can be now managed easily on one place and also traffic rules can be used to fine-tune
+ Traffic charts can be activated for Traffic and Bandwidth Management rules
+ Support for Google Chrome has been added to Web administration
+ Support for authentication in Apple Open Directory has been added
* The Domains and User Login screen has been redesigned
* Several user accounts can be edited at once. Also they can be directly enabled/disabled from context menu
* Upgrade can now be performed by direct upload of an upgrade file via Web Administration
* Usability of status screens, namely Active Hosts and Active Connections, has been improved. More than one row can be selected to perform certain operations.
* Long lists are listed without paging in Web Administration
+ Added column with user rights to the user account list
* List of user accounts displays number of users defined in currently displayed domain
* A specific record in the DNS hosts table can be found easily in the hosts editor
* Debug and Filter log allow to adjust the format of logged packets
* Navigation in list of rules by the Page Up and Page Down keys has been improved
* Usability of long dialogs on smaller screen resolution has been improved
* Debugging messages from Web Administration can be enabled in Debug log
* DHCP leases can be transferred to another machine using the configuration export/import
* Performance of IPS blacklists has been improved
* VPN Client can now verify an SSL chain including an intermediate certificate
* Multiple bug fixes and improvements have been done in Active Directory integration
* Added possibility to force reconnect all VPN tunnels when primary line goes back online in failover scenario
* Old inactive users with no data are now automatically purged from StaR
- Fixed: Some MAC addresses were incorrectly matched by MAC Filter
- Fixed: FTP over HTTP Proxy for URLs containing some special characters
- Fixed: Scrolling in logs overloaded Kerio Control Engine
- Fixed: Erasing a log took up to 1 minute

Version 7.1.2 - April 28, 2011

Kerio Control
+ Added ability to block IPv6 over IPv4 tunnels
- Fixed: Software and hardware appliance editions no longer performs SLAAC
- Fixed: Unable to perform downloads using FTP over proxy when link contained spaces or "+"
- Fixed: User who was logged in automatically by their IP address was never logged out
- Fixed: Kerio Control failed to authenticate Active Directory users with empty userPrincipalName
- Fixed: Some MAC addresses were not blocked by MAC Filter

Kerio Control Administration
+ Support for Internet Explorer 9 has been added to Web administration
+ Support for Firefox 4.0 has been added to Web administration
+ Support for Firefox 3.0 has been dropped in Web administration
* Russian and Dutch localizations have been improved
- Fixed: Kerio Control Administration: Session was lost after saving changes (WebAssist with "-32000 Error")
- Fixed: Kerio Control Administration: WebAssist "config.useSsl" is null or not an object
- Fixed: Kerio Control Administration: Unable to export configuration including SSL certificate

Kerio VPN Client
+ Support for Debian 6.0 has been added

Version 7.1.1 - March 3, 2011

* Web administration now remembers settings such as visibility, order, width of columns, and sorting in tables
* Performance of the web administration, namely when editing policies, has been improved
* Status screens such as Active Hosts now remember cursor position upon refresh. The page size has been increased too
* WINS automatic detection is now supported on Appliance and Box editions
* Direct editing of host file has been replaced by an ordinary editor
* Web Administration screens are successfully unmasked after loading data
* Weak RC4 cipher is now disabled in SSL
* DialUp interface is now dialed with default route if and only if it is in Internet group
* Improved detection of broken VPN data connection
* Appliance Edition, Box: VPN Server can now automatically detect WINS settings
* Appliance Edition, Box: It is now possible to join Windows Domain even with DNS forwarders set to both ISP and domain controller
- Fixed: HTTP Proxy slows down browsing significantly
- Fixed: NTP synchronization sometimes failed on engine startup
- Fixed: StaR failed to save statistics if any used user account had too long description with national characters in it
- Fixed: Automatic login settings were preserved from previously deleted user
- Fixed: Problems with Asus NX1101 network interface on 32-bit Windows
- Fixed: Packets on the Dial-In interface (used e.g. for PPTP connections) were dropped with the "3-way handshake not completed" error
- Fixed: POP3 inspector failed to process malformed messages causing the POP3 connection to restart
- Fixed: Proxy server doesn't generate links to parent folder on when browsing FTP server content
- Fixed: Kerio Control consumed 100% CPU on startup on Windows 7 x86 running on single core CPU
- Fixed: Mac OS X: VPN client connection does not pass any data due to incorrectly set broadcast address
- Fixed: Appliance Edition, Box: Joining domain failed if the domain controller address was entered manually
- Fixed: Appliance Edition, Box: It was not possible to join Kerio Control to Windows 2008 domain other than the forest root domain
- Fixed: Kerio Control created too many LDAP/Kerberos connections to the domain controller
- Fixed: Appliance Edition, Box: Control failed to join domain with too many domain controllers (due to truncated DNS response)
- Fixed: Upgrade sometimes failed due to incorrect location of the kwfdriver.sys file
- Fixed: Kerio Control did not work properly if it was installed in a path with national characters
- Fixed: Kerio Control sometimes failed to authenticate Active Directory user
- Fixed: Kerio Control Administration: it was possible to configure invalid port interval in IPS properties which caused that IPS engine failed to start
- Fixed: SSL-VPN failed to display network content - infinite 'Loading...'
- Fixed: Kerio Control Administration: Unable to use @ symbol in user name field when creating a PPPoE connection
- Fixed: Kerio Control Administration: Unable to set link bandwidth 0 in connectivity type Load balancing
- Fixed: Kerio Control Administration: Unable to use domain\user to authenticate on parent proxy host

Version 7.1.0 Patch 2 - December 21, 2010

- fixed handling of connections through the Dial-In interface (Windows)

Version 7.1.0 Patch 1 - December 20, 2010

- HTTP cache security vulnerability fixed

Version 7.1.0 - November 30, 2010

* Connectivity warnings will protect you before disconnecting from server while changing configuration
* Configuration assistant - most useful configuration tools at one place
* Connectivity and Traffic Policy can be configured easily with wizard
* Activation wizard will assist you to activate all purchased features
* Context help
* Interfaces and Policy rules can be configured easily using drag&drop
* Support for Parallels in virtual appliance
* System Health - overview and manage system resources
* System Tasks - restart/shutdown system (Appliance Edition only)
* Control 7.0 should be used to upgrade correctly from versions older than 6.7.0 final
* Kerio Control Administration - transition from Qt to web-based administration has been finished
* User can override MTU on Appliance Edition
* Advanced PPP parameters in Appliance Edition
* Possibility to edit server name on Windows has been restored
* Status of interfaces is updated repeatedly in Web Administration
* Links to export and import have been moved to the Configuration Assistant in Web Administration
* Background colors used in Policy screens have been improved in Web Administration
* After trial expiration, the product does not stop completely. It is possible to login and register a license or upload a license file.
* GUI completely localized to all supported languages
* ClamAV 0.94 and Visnetic antivirus plugins have been completely replaced by Sophos
* Redirection target in HTTP rule is now implicitly allowed by HTTP policy
* Dial on Demand is not supported in Appliance Edition
* Fixed: Redirection by HTTP Policy: implicitly allow redirection target
* Fixed: Kerio Control VMware Virtual Appliance hangs on 1st boot
* Fixed: Authentication against Windows 2008 Server R2 fail
* Fixed: UPnP multicast TTL problem on Windows with RRAS service enabled
* Fixed: Malformed UTF-8 characters with diacritics
* Fixed: Terminal server users cannot unlock URL rules, the Unlock button is missing
* Fixed: Web Filter: Potential security vulnerability
* Fixed: Timeout during network adapter installation (error 28201, result 0x800705B4)
* Fixed: Crash caused by improper handling of changed IP address group in configuration
* Fixed: Possible crash when exiting HTTP Proxy service
* Fixed: Some services are not started correctly when two NICs are bridged to the same physical interface in Appliance Edition
* Fixed: On some systems it is possible that Internet interface is treated as local/other interface
* Fixed: Several issues in Logs
* Fixed: Progress bar jumps semi-randomly when downloading Sophos updates
* Fixed: SSL secured interfaces cannot start when corrupted certificate/key pair is used
* Fixed: Netfilter is in conflict with MS Load balancing driver/feature
* Fixed: System Health: size of RAM bigger than 4GB displayed incorrectly
* Fixed: Problem with availability detection
* Fixed: DHCP server is able to assign obviously incorrect address
* Fixed: Sophos reported "Check failed" for PDF mail attachment
* Fixed: Editing rule name in traffic policy is unusably slow
* Fixed: design broken by new localizations
* Fixed: many minor issues

Version 7.0.2 - November 9, 2010

- Fixed: Appliance: User authentication against Microsoft Windows 2008 Server R2 can fail with error NT_STATUS_PIPE_DISCONNECTED
- Fixed: Appliance: Fragmented packets can get corrupted when forwarded between interfaces with different MTUs

Version 7.0.1 - August 4, 2010

+ VPN: Added workaround for devices with MTU fragmentation problems causing VPN dropouts (Zyxel ADSL modems)
- Fixed: IPS failed to load rules when installed in path with long filenames on filesystem with disabled 8.3 names creation (Windows Server 2008 R2)
+ Added support for intermediate SSL certificates
+ Re-added option to allow non-secure access to Web Interface
- Fixed: Dynamic DNS client could cause crash under certain circumstances
+ Software Appliance: Added support for Broadcom (R) NetXtreme II NICs
* Software Appliance: It is now possible to use '@' in username for PPPoE connection

Version 7.0.0 - June 1, 2010

+ New Intrusion Prevention System (IPS/IDS)
+ Added MAC Filter
+ Multiple IP addresses on an adapter
* License counting and policy changed
* Rebranding
+ DHCP scopes autoconfiguration (only available in the Kerio Control Administration web interface)
* McAfee Antivirus engine replaced by the new Sophos engine
+ VMware Virtual Appliance available in OVF format
+ Kerio Control Software Appliance: Added SCSI HDD drivers
+ Kerio Control Software Appliance: Added E100 network drivers
+ Kerio Control Software Appliance: Fixed 'winroute blocked for more than 120 seconds' error
+ Kerio Control Administration web interface: DHCP screen added
+ Kerio Control Administration web interface: Advanced Options screen added
+ Kerio Control Administration web interface: Logs viewer added
- Kerio Control Administration web interface: Fixed: Cannot set 0 MB/s as link bandwidth
- Kerio Control Administration web interface: Various design improvements and minor bug fixes
+ Kerio Administration Console: added link to WebFilter recategorization page
- Fixed: DNS forwarder does not work when WAN IP has been changed
- VPN Client for Mac: Fixed DNS problems on Snow Leopard
- VPN Client for Mac: Fixed: It was not possible to use some strong passwords
* Slovak localization was removed from administration interfaces
* Syslog: User cannot change Facility and Severity. These values are reset to Kerio defaults on upgrade. Check warning log after upgrade
* User cannot change paths to Control internal directories. These values are reset to Kerio defaults on upgrade. Check warning log after upgrade
* User cannot change paths to RAS before/after dial scripts. Kerio defined script names are used. Check warning log after upgrade
- Software Appliance: Fixed: Ctrl-C in Kerio Console can terminate Kerio Control
- Administration Console: Fixed: VPN IP Pool Dump crashes engine
- StaR: Fixed: Activity log was off by several hours in some time zones
- Fixed: Kerio Web Filter sometimes failed to categorize long URLs
- Fixed: NTLM authentication does not work if user name contains national characters
- Fixed: Random crash in login to Kerio Control Administration
- Added workaround in HTTP inspector for HTTP servers violating RFC by terminating headers with '0a 0a' (https://www.katasterportal.sk)
- Fixed potential crash in communication with Domain Controller over LDAP
- Fixed potential memory corruption in HTTP protocol inspector
- Fixed: Kerio Control Software Appliance can crash if a lot of (20) IP addresses are configured on an interface
- Fixed: Kerio Control Software Appliance can crash if Safari browser authenticates using NTLM

Version 6.7.1 Patch 2 - March 9, 2010

- DNS did not work when VPN client ran on Mac OS X
- Software Appliance: Fixed: IP fragmentation now works correctly
- Fixed: Random crash in login to Administration web interface
- Fixed: Long URLs are now categorized by Kerio Web Filter
- Timezone database was updated
- Software Appliance: support for more network cards and hard drives was added
- Fixed: NTLM authentication works if user name contains national characters

Version 6.7.1 - November 3, 2009

+ Software Appliance / VMware Virtual Appliance Edition
+ Active Directory Domain Integration
+ Support for Microsoft Windows 7
+ Workaround added for devices with broken PPTP support

Version 6.7.0 Patch 1 - August 17, 2009

- Fixed issue with connection to Active Directory/LDAP

Version 6.7.0 - August 1, 2009

+ Web Administration (https://:4081/admin)
+ Configuration Export/Import
* ISS OrangeWeb Filter replaced by Kerio Web Filter
+ Mac OS X Snow Leopard preliminary support
+ Microsoft Windows 7 preliminary support

Version 6.6.0 - March 31, 2009

+ VPN client for Mac OS X and Linux
+ VPN client for Windows runs as a service (it is possible to have VPN established before login to Windows)
+ VPN server propagates WINS servers and DNS domain suffix to VPN client
+ VPN client now uses primary IP address on VPN adapter (improved Network Neighborhood browsing)
+ Added support for Eset NOD32 Antivirus 3.0/4.0
- Fixed CPU load peak every 3 seconds caused by DHCP renew on VPN adapter
* The Kerio VPN Client does not allow multiple concurrent VPN connections.
* The extended and the basic mode of the Kerio VPN Client have been merged.

Version 6.5.2 - November 27, 2008

- fixed memory leak in DNS forwarder
- fixed 100% CPU bug when emailing alerts
- fixed possible crash in LDAP (this fix supposed to be in 6.5.1 but wasn't)
- fixed web interface login page did not show in Internet Explorer 5

Version 6.5.1 - October 23, 2008

- fixed possible crash in LDAP
- fixed incompatibility with VPN configured in Routing and Remote Access
- fixed possible deadlock in DNS resolver
- fixed compatibility/performance issues in UPnP
- fixed compatibility issues with Microsoft Virtual Machine
- fixed incorrect handling of static routes on interfaces in Internet group

Version 6.5.0 - September 9, 2008

+ Link Load Balancing
+ Added languages: German, Italian, French, Dutch, Portuguese, Swedish, Polish, Hungarian, Croatian, Japanese, Chinese
+ Improved UPnP support, now compliant with Microsoft Internet Connectivity Evaluation Tool:
http://www.microsoft.com/windows/using/tools/igd/default.mspx
+ Web-based dial-up management (readded feature, removed in version 6.3)
+ Nesting of URL groups is now allowed
+ Kernel drivers are now WHQL-certified and digitally signed by Microsoft (no more warnings during installation)
+ AVG 8 Anti-virus support added

Version 6.4.2 - January 24, 2008

+ Added support for Windows Server 2008 (32-bit and 64-bit)(February 13, 2008)
* New McAfee anti-virus engine version 5200. All users are encouraged to upgrade. From February 1, 2008 onwards, there will be no further Anti-Virus definition files (DAT files) quality testing with the older engine.
- Live.com was not recognized properly as a search engine
- Fixed occasional false positive P2P detection on legitimate DNS traffic
- Fixed Active Directory mapping timeouts causing delays in user-related operations, authentication, etc...
- Fixed traffic policy rules with unresolvable host names causing blocking of valid DHCP service requests

Version 6.4.1 - December 13, 2007

* Connection limit now applied on incoming and outgoing connections separately
- Fixed bug in POP3 inspector causing certain emails being blocked
- Fixed engined crash in on-demand dialing if a certain configuration was imported from KWF 6.3
- Fixed proxy server sometimes not requiring authentication for HTTPS pages
- Fixed engine was not started automatically after clean installation on Windows Vista
- Fixed inability to login to the web interface for users without the 'view statistics' right
- Fixed firewall traffic sometimes being accounted to random hosts
- Fixed broken configuration of automatic hangup after inactivity (please check your settings after upgrade to 6.4.1)
- Fixed displaying of national characters in alerts
- Fixed eTrust plug-in

Version 6.4.0 - September 17, 2007

+ User activity logs in StaR
+ Printer ready version of StaR
+ Improved overall throughput performance
+ NAT was made more traversal friendly for VoIP applications
+ Added support for popular dynamic DNS services
+ Added URL based web exclusions from StaR
+ Added support for weekly quotas
+ Added possibility to select users' preferred language

Version 6.3.1 - May 30, 2007

* link to Login Page re-added to Deny Page
* Application Layer Gateway is now detected as conflicting service (it caused FTP connections to fail)
* 'Valid On' Traffic Rule setting now always affect all existing connections
* improvements in Web Interface layout in Safari
- VPN traffic may be dropped by Anti-spoofing on server operating systems
- fragmented packets were not handled correctly under certain circumstances (some connections were blocked)
- antivirus process sometimes refused to use correctly licensed Avast
- antivirus process could crash with NOD32
- fixed crash caused by malformed StaR database file
- RFC non-compliant e-mail could become corrupted by SMTP inspector
- fixed accounting of FTP traffic through proxy server
- traffic histograms were missing in Administration Console
- redirect to website after successful login sometimes failed
- stability of the Administration Console was improved
- it was not possible to enable Clientless SSL-VPN user right in Administration Console without Kerio VPN installed

Version 6.3.0 - March 29, 2007

Major new features:
+ Statistics and reporting (StaR)
* Improved overall performance
+ Support for 64 bit systems
+ Support for Windows Vista
* Improved P2P Eliminator

Version 6.2.3 - October 12, 2006

+ added support for Internet Explorer 7 to Kerio Clientless SSL-VPN
- fixed corruption of configuration file when incorrect MAC address was entered in DHCP server configuration (This caused further changes to configuration to be mysteriously lost after reboot.)
- fixed crash when a malformed DNS response is received
- fixed crash when more than 3 custom forward DNS servers were specified
- McAfee now works even if its subscription is expired (without updates though)
- further fixes to video streaming (Amazon Music Sampler)
- fixed malformed reverse DNS queries being incorrectly resolved to valid names
- fixed missing error messages on unresponsive WWW sites
- fixed "user transfer quota exceeded" alert being sent too often
- fixed NOD32 plugin not working for SSL-VPN file transfers

Version 6.2.2 - August 7, 2006

+ added TCP MSS altering to work around nonworking PMTU discovery due to blocked ICMP (this typically fixes nonworking HTTPS pages on PPPoE connections)
* Administration Console now remembers last view in IP Address Groups, DHCP Scopes and Leases, HTTP URL Groups, Time Ranges screens
* cache memory size configuration value has been removed (the best value is now auto-detected)
* the timeout for half-open TCP connections has been decreased
- fixed deadlock in UPnP service if an interface goes up or down
- in SSL-VPN downloaded files are now forced to be saved to disk instead of opened in IE
- fixed creating of huge antivirus temporary files even though size limit was configured
- fixed occasional WinRoute service crashes during system shutdown
- fixed crashing when loading user configuration where no user has administrative rights
- fixed opened Administration Console aborting normal system shutdown
- fixed problem with temporary files occasionally remained on disk after the antivirus scanning
- fixed a potential bug that antivirus process(es) won't start during WinRoute initialization
- fixed national characters handling in the administrative password dialog in the installation wizard
- fixed loading of web pages on nonstandard TCP ports when going through multiple proxies
- fixed nonworking CNN pipeline stream videos
- fixed possibility to remove some interface statistics for some interfaces
- fixed IP addresses for hostnames in the traffic policy not being updated often enough
- fixed old half-closed FTP connections through the firewall sometimes remaining open for very long times
- antivirus scanning failures are now logged into security log
- fixed client FTP connections not being correctly reset if virus was found during the transfer.
- fixed FTP inspector could parse certain (illegal) responses incorrectly causing the affected connection to hang
- fixed bandwidth limiter behaving incorrectly if the IP address group selected there was deleted
- fixed inability to send mail through certain rare servers if TLS transfers are denied by WinRoute
- fixed possible file corruption during antivirus scanning on chunked HTTP connections
- fixed nonworking quarantine storage of infected files found in FTP transfers
- fixed changes to the default SSL web interface TCP port of 4081 not being applied until restart of WinRoute
- user manually imported from AD now have their email addresses imported (affects only newly imported users)
- fixed file and folder icons failures to load when browsing FTP via the HTTP proxy server

Kerio VPN Client 1.2.2
- fixed route to remote network being added to system even if it already exists

Version 6.2.1 - May 3, 2006

- fixed service crash in email protocol inspectors
- fixed occasional high CPU usage of the service
- fixed handling of HTTP/0.9 responses (this caused false positives of binary characters in HTTP headers)
- fixed ignoring traffic policy rules when host names were used
- fixed nonworking Windows Update via proxy server
- fixed monthly rotation of logs
* denial pages no longer use SSL (this caused unexpected SSL certificate warnings in browsers)
* improved handling of ICMP destination unreachable messages (this sometimes caused VPN tunnels to stop working)
+ added ability to select custom port for relay SMTP server

Kerio VPN Client 1.2.1
- fixed conflict with MS Firewall Client that caused OS crash

Version 6.2.0 Patch 1 - April 10, 2006

- fixed service stability issue

Version 6.2.0 - March 23, 2006

+ Bandwidth Limiter
+ Dual anti-virus
+ Product registration from the administration console
+ VPN Client now supports 64bit Windows

Version 6.1.4 Patch 2 - January 19, 2006

- fixed possible hang and 100% CPU consumption while browsing the web

Version 6.1.4 Patch 1 - January 5, 2006

+ added protection against the recent Windows metafiles vulnerability
* updated antivirus plugin for Eset NOD32
- fixed DoS caused by improper data handling in HTML content filtering
- fixed DoS when too long strings are fetched from Active Directory
- fixed engine's inability to start due to improper loading of statistics
- fixed HTML content filtering was sometimes incorrectly activated even if disabled
- fixed application of antivirus scanning rules to certain file names
- improved RTSP protocol inspector compatibility with certain servers
- fixed removal of custom service could sometimes disable related traffic policy rules

Version 6.1.4 - January 5, 2006

+ TCP sequence numbers awareness
* ICSA certificate renewed

Version 6.1.3 Patch 1 - November 16, 2005

- fixed serious bug in authentication of Active Directory users

Version 6.1.3 - November 10, 2005

- fixed possible crash when trying to receive streams from certain RTSP servers
- fixed possible hang when querying AD in some circumstances
- fixed memory leak in Active Directory mapping
- fixed filter errors in Active Directory queries
- fixed possibile successful authentication of users with disabled accounts
- fixed local database users with "@" character in their login name were not able to login
- fixed detection of RRAS demand-dial interfaces
- fixed statistics sometimes showing negative/incorrect values
- bookmarks on the SSL-VPN page are now correctly sorted
- NTLM is now disabled for Opera browser
* the MAC address/vendor database has been updated to be more accurate
* Windows Firewall service is now disabled during the installation due to persisting conflicts

Version 6.1.2 - September 7, 2005

Kerio WinRoute Firewall
+ Russian translation of all user interfaces excluding Administration Console
+ Admin console now warns if a new traffic policy could disconnect it
+ All domain controllers may now be detected automatically
* Windows Update HTTP rule was changed to work with current Windows Update
- Wrong HTTP rules were sometimes applied immediatelly after user login
- Possible crash after deleting user's statistics
- Possible crash when in lack of system resources
- Certain combination of routes to VPN tunnels could cause 100% CPU
- Changing 'VPN Tunnel' to 'VPN Clients' in Traffic Policy could corrupt configuration
- Scripts/ActiveX filtering often corrupted pages
- Newly created group could be assigned wrong rights
- Nested AD groups didn't work properly for primary groups
- Account used to access AD database did not suppor non-ASCII characters
- Quota counter was is not reset at the end of its time interval
- Quota was not applied immediatelly when reached, only after several seconds
- Mail temporary files were sometimes left on disk
- Cannot open folder in SSL-VPN if its name contained an ampersand (&)
- Admin console runtime error when deleting address group
- "Error: function called with invalid parameters" when killing connections
- Changes in configuration of users were not logged into config log
- HTTP log did not log username for all requests
- P2P alert message sometimes showed incorrect ports
- Gzip encoding for HTTP servers in LAN was always turned off
- Parent proxy password was unencrypted in configuration
- VPN was not able to deliver very small fragmented UDP packets
- Hibernation was not allowed even if VPN is not installed
- Sometimes connection failover alert might not be sent
- Alert messages in Spanish and Slovak were displayed as plain text only
- Update checker didn't indicate failures

Changes in Kerio VPN Client
+ Russian translation
- Autoconnect only works for the first server in advanced mode
- Taskbar notification area messages were incorrectly formatted

Version 6.1.1 - July 14, 2005

- fixed possible hang when hostnames are used in policies
- fixed possible crash when changing interface name
- fixed traffic policy corruption with certain interface names
- fixed possible temporary hang while sending messages to users
- fixed authentication of users when installed on a domain controller
- fixed Active Directory mapping problems with nested groups
- fixed Active Directory mapping problems with cross-domain group memership
- fixed authentication of users that are members of groups with national characters in names

Version 6.1.0 - June 23, 2005

Major new features:
+ Transparent user mapping in Active Directory domains
+ Support for multiple Active Directory domains
+ Kerio Clientless SSL-VPN
(web-based secure access to network shares in LAN)
+ Customizable routing configuration for VPN tunnels
+ Spanish localization

Version 6.0.11 - April 7, 2005

- fixed possible crash in RTSP protocol inspector
- fixed possible crash on systems with more than 64 network interfaces
- fixed several bugs in statistics calcullation
- fixed incorrect logging of broadcast packets in anti-spoofing
- fixed several issues in the remote administration protocol

Version 6.0.10 - March 22, 2005

- fixed possible crash when establishing / closing VPN connection (error 10038)
- fixed possible hang of WinRoute service when changing SSL certificate for VPN server
- fixed minor bugs in VPN server
- fixed resource leak in SMTP protocol inspector with unconfigured relay (error 10035)
- fixed collision with running ICF service on Microsoft Windows XP Service Pack 2
- fixed problem with setting user rights for installation directory on startup
- fixed problem with DNS names in traffic rules and address groups
- fixed crash caused by Avast module if it was simultaneusly used in both KWF and KMS
- several minor improvements / bug fixes in SMTP protocol inspector
- several minor bug fixes in Administration Console
+ protection of firewall host against Land attack packets
* improved antivirus scanning of files being download using download managers

Version 6.0.9 - December 9, 2004

- fixed posibility to poison DNS cache
- fixed possible CPU/memory DoS in SMTP inspector
- reduced access rights to WinRoute's directory
- fixed handling of HEAD method in HTTP proxy server
- fixed bad date in file names quarantine directory
- blocking and logging of P2P traffic is now more accurate
- invalid domain name in NT import no longer display local users
- administration console now checks passwords for maximum length
- administration console now behaves correctly if connection to the engine is lost
- fixed up&down arrow buttons in Antivirus/HTTP scanning rules
- transferred data for multimedia streams are now displayed correctly
* improved logging of ISS orange filter categorization failures
* removed SMTP NOTIFY extension from alert emails
+ SCCP (Cisco Skinny) protocol inspector now correctly handles conferrence calls
+ added ability to highlight certain lines of logs
+ support for hibernation (if VPN is not installed)

Version 6.0.8 - November 4, 2004

- fixed nonfunctional user accounts that were imported from WinRoute Pro 4.x in the past

Version 6.0.7 - November 4, 2004

* passwords for local users are now stored using stronger encryption
* workaround for strange behavior of IE back button when dropping HTTP requests (e.g. ad-blocking HTTP rule is enabled)
- fixed some HTTP and FTP rules not working randlomly
- fixed non-working HTTP and Web log in upgraded installations
- fixed FTP handling when configured to use parent proxy
- VPN routes marked as 'unknown' no longer remain in the routing table
- fixed possibility to edit int16 type options in DHCP server
- fixed support for more than 255 routes in VPN
- fixed crash of administration console in Status/Interfaces screen
- actual traffic is now displayed correctly in statistics
- fixed character coding in slovak version of web interface

Version 6.0.6 - October 5, 2004

+ HTTP, FTP, SMTP and POP3 insplectors now check JPEG files against the recent GDIPLUS.DLL vulnerability
* Cobion OrangeFilter has been renamed to "ISS OrangeWeb Filter", functionality remains the same
- fixed hanging of WinRoute service in DNS resolver
- zero quotas are no longer ignored
- fixed editing of inbound policy in the traffic wizard
- alert whan hanging up failover RAS line now displays line name correctly
- fixed blocked communication after boot if Windows Firewall is detected on Windows XP SP2
- fixed handling of messages in SIP protocol inspection

Version 6.0.5 - September 22, 2004

+ VPN clients can now be configured with custom IP routes
+ VPN clients can now be assigned fixed IP addresses
+ resizeable traffic histograms
* improved routing table screen in administration console
- fixed conflict with 3rd party applications that install custom layered service providers
- fixed boot problem on Windows 2000
- fixed handling of emails sent as attachment
- fixed transfer rate bug in traffic histograms
- fixed automatic login for IP address groups
- denying of unscannable or corrupted files now works correctly
- fixed blinking of text in logs
- SSL certificates with national characters are now displayed correctly
- fixed false installer complaint about WinRoute Pro being installed

Version 6.0.4 - August 19, 2004

- fixed dropping of NAT connections when user logs in or out

Version 6.0.3 - August 17, 2004

+ support for Windows Security Center in Windows XP SP2
- fixed incorrect handling of TLS-secured POP3 and SMTP
- dates in alert emails are now properly formated
- traffic rules with interface source no longer permit packets from firewall
- fixed file name matching in ftp policy when using MS IE as client
- "Error: function called with invalid parameters" no longer appears when clearing a log

Version 6.0.2 - August 10, 2004

+ possibility to specify file size limit for antivirus
+ possibility to duplicate rule in HTTP/FTP policy
+ firewall can be excluded from quota actions
* address group can be used for user automatic login
* several minor improvements in administration console
- fixed several bugs in SMTP protocol inspector and antivirus
- fixed memory leak if DNS forwarder was disabled
- fixed non working proxy if DNS forwarder was not configured
- fixed crash when removing DHCP scope exclusion
- fixed bug in SIP inspector
- fixed minor bug in IRC protocol inspector
- installer sometimes failed to update Kerio VPN Adapter driver and returned error 0x80070103 - fixed
- Kerio VPN adapter sometimes lost it's primary IP address - fixed
- authentication method for user imported manually from NT domain is now correctly set
- fixed non working automatic login from firewall host

Changes in Kerio VPN Client since 1.0.0:
- configuration was not saved sometimes - fixed
- "SSL error 0/5" during connection establishment replaced with more specific message

Version 6.0.1 - June 23, 2004

- fixed 100% CPU ussage on Windows servers with DNS system service enabled
- fixed DNS forwarder on Windows Server 2003 (error 4507:10013)
- fixed handling of STLS command in POP3 protocol inspector
- proxy server now works if DNS forwarder is disabled
- proxy server now does not always require NTLM authentication
- authenticating via proxy server no longer sometimes ends with a blank page
- VPN server no longer stops working when the system is under heavy load
- deleting interface no longer changes traffic rules which refer it to 'any'
- fixed crash of administration console in interface statistics
- fixed ability to edit network interfaces when VPN is not installed
- fixed disappearing of settings in the AD/NT authentication screen
- fixed wrong sorting of antivirus rules for HTTP/FTP
- log rotation is no longer grayed out when set to keep 0 files
- the number of consumed licenses is now displayed also for trial license

Version 6.0.0 - June 7, 2004

+ Integrated client/server and server-to-server VPN solution
+ Alerts and notifications
+ Antivirus protection for emails (POP3 and SMTP)
+ Improved realtime user monitoring and traffic statistics
+ P2P Eliminator - universal P2P blocking
+ Support for VisNetic Antivirus Plug-in 4