What's new in ServerDefender VP 2.2.7
Jul 27, 2016
- Resolved issue with insecure HTTP cookies being forwarded to HTTPS.
New in ServerDefender VP 2.2.6 (May 19, 2015)
- Updated GeoIP library for improved country blocking
- Updated the JSON parser library
- Resolved issue where IP block counter was not incremented when the IP was temporarily blocked from an email alert
- Resolved issue impacted web summary reports when viewed on the host
- Added ability to edit blocked IP addresses from the LogViewer
- Resolved issue where file uploads would fail if renamed in the settings manager
- Resolved issue where naming convention for HTTP errors did not match in the Log Viewer and Log Viewer filter
- Resolved issue where an URL can be bypassed as well as added to a blocked list.
- Improved error logs for buffer overflow attacks
- Added functionality to sync site status with IIS configuration on apply
- Added input sanitization in the HTTP response for the ServerDefender response template
- Removed full control permission from ServerDefender install folder and child folders
New in ServerDefender VP 2.2.4 (Sep 30, 2014)
- Implemented Libinject for SQL Injection attack detection.
- Fixed issue of Images and CSS not loading in SharePoint 2007(due to read permission on folder).
- Data paths also checked for attacks in the URL string.
New in ServerDefender VP 2.2.3 (Oct 2, 2013)
- On Session Expiry set to Minimum, unnecessary session expiry template sent. Blank page is shown when session expires.
- SDVP GUI hangs on showing LogViewer balloon tip.
- Show GMT and Local date/time in Log Viewer.
- SDVP now sends logs to Syslog server and also TCP based alert messages.
- Added auto Purging of SDVP logs.
- Blank page when 404 error template is turned off. Bug: If 404 template is not enabled, then SDVP does not allow to enable 404template.
New in ServerDefender VP 2.2.2 (Jun 1, 2013)
- Added custom protection profiles for Joomla and WordPress.
- Added ability to import settings from another installation.
- Added rules to block JavaScript attack vector where query has no name.
- Updated headers to include Date/Expires headers and removing multiple cache-control headers.
- Improved performance with Smooth Streaming video application.
- Improved SDVP performance to prevent against slowing or hanging.
- Improved functionality with Japanese, Chinese, and Korean characters.
- Improved usability when file upload file is changed.
- Improved usability for sites that require Microsoft Office file uploads.
- Improved Log Collector tool to include selector to collect logs for specified dates only.
- Fixed issue where SDVP is bypassed in some situations where site has web directories with different application pools.
- Fixed issue where SDVP crashes due to Heap corruption.
- Fixed issue where
- Fixed issue where logs incorrectly shows IP/country block in remarks column for some categories.
- Fixed issue where in some instances SDVP logs POST data without regarding log verbosity.
- Fixed issue where blank page is served when JavaScript is not enabled in web browser.
- Fixed issue where SDVP would use large amount of memory upon applying changes to large number of sites (100+) simultaneously.
- Fixed issue where unecessary data files are created in logs.
- Fixed issue where post limit is not reflected in IIS config file.
New in ServerDefender VP 2.2.1 (Nov 10, 2012)
- UI changes for Session Expiry Response Templates.
- Code optimized for for scenarios where many sites are present in IIS.
- Added functionality to allow for log collection for debugging purposes after SDVP has been uninstalled
- Fixes issue when adding new site in Windows 2008.
- Input exception fields no longer subject to miscellaneous checks.
- Fixes SESSION_EXPIRATION logging issue.
- Fixes issue where some log records were split into two lines in Log Viewer.
- Fixes GUI crash issue when site is costumized with Config Wizard running.
- Fixes issue in PHPIDS implementation.
- Fixes problem with log verbosity in buffer overflow cases.
New in ServerDefender VP 2.2.0 (Sep 15, 2012)
- Support for Windows 2012
- Improves profile for OWA
- Usability improvements to input exception dialog
- Adds bulk exceptions on 404s (redirecting)
- Makes redirect the default exception action for innocent 404s
- Resolves file upload blocking issue
- Resolves issue with country IP blocking
- Resolves issue for UI hang
- Resolves partial install issue
New in ServerDefender VP 2.1.1 (Jul 10, 2012)
- Windows 7 compatibility added
- Removed default local IP exceptions
- Directory browsing issues fixed
- Additional debug logging added for diagnosis of GUI issues
New in ServerDefender VP 2.1.0 (Jul 10, 2012)
- Added geographic IP blocking by country of origin
- Added a severity filter to the Filter Options in Log Viewer
- Added an informational severity classification and reclassified certain events as informational
- Allowed List in Resources tab now supports allowing default documents
- Updated documentation
- Numerous bug fixes
New in ServerDefender VP 2.0.2 (Mar 19, 2012)
- Removed dependence on IIS 6 Role Services for GUI Components
- Added ActiveAlert feature - ability to block and unblock IPs from alert emails
- Resolved shared memory cleanup issues, access violation on service restart
- Implemented fail-open pattern in event that SDVP Service becomes unavailable
- Minor UI improvements in LogViewer
- Minor UI fixes
- Improved default error templates
- Documentation update
New in ServerDefender VP 2.0.1 (Feb 24, 2012)
- Slide Into Security:
- A lot of customers told us that they loved the power and flexibility of SDVP 1.0. But many were also a bit overwhelmed by all the configuration options. They asked us if we could find a way to simplify the complexity, while keeping it available if needed.
- The answer is the new Standard View. The fine-grained control of SDVP 1.0's GUI is just a button click away if you need it. But Standard View encapsulates most of those configuration options into just two smart slider controls - Enforcement Level and Logging Level
- Reports You'll Look Forward to Reading:
- A lot of SDVP 1.0 customers appreciated the Daily Reports - summaries of the most important security events and trends. But our just-the-facts, plain text emails weren't always the easiest things to read or interpret - especially on the go.
- In SDVP 2.0 the Daily Report emails are attractive and easy-to-scan, with the most important info bubbled right to the top. They do a great job of highlighting the vital data you need to keep informed about the security of your sites - even when you're not at your desk.
- One Wizard to Rule Them All:
- SDVP 1.0 customers told us that they appreciated the wizards we included to make setup easer - but that four wizards was about three wizards too many. We agree! So now there's just one - but it's smart enough for every occasion.
- Need to get up and running as quickly as possible? Go with the Config Wizard's Standard Mode - it will get you there in just a few screens. Have a lot of complex Web apps and need to tune each one's security just so? Expert Mode is right for you