Press Releases

21 November 2014 - Version 3.0.5 has been released.

The focus of this release is stability.

Feature improvements

  • Large update to Huawei dictionary.
  • Added dictionary.rfc7155
  • Regular expressions like /%{User-Name}/ are now parsed and validated when the server starts.
  • All configuration items which are dynamically expanded are now parsed and validated when the server starts.
  • %{expr:...} expressions can now do bit shifting and more. See raddb/mods-available/expr.
  • The detail file reader can now track packets which have had replies, so they are never re-transmitted. See raddb/sites-available/buffered-sql, the "track" config item.
  • CoA and Disconnect packets can now be sent to a specific home server by setting control:Packet-Dst-IP-Address and (optionally) control:Packet-Dst-Port.
  • Allow CoA and Disconnect packets to be read from the detail file.
  • Allow LDAP to specify arbitrary attributes for dynamic clients.
  • Convert all unused attributes in the control: list to config pairs in dynamic clients. This allows arbitrary client attributes to be set for dynamic clients too.
  • rlm_couchbase now supports bulk loading of clients on startup in a similar way to rlm_ldap. Contributed by Aaron Hurt.
  • Allow one level of backslashes (finally). See radiusd.conf, "correct_escapes" setting.
  • Rename dictionary.redback to dictionary.ericsson.ab
  • Add --disable-openssl-version-check option to configure. So vendors can disable the check. Patch from Nikolai Kondrashov.
  • Do context-specific indenting in debug messages. This makes the debug output easier to read.
  • Make configuration a separate RPM, just like for Debian.
  • better decoding of unknown VSAs
  • When supported by OpenSSL, allow TLS 1.1 and TLS 1.2 in EAP methods.
  • Allow multiple new connections to be spawned simultaneously in the connection pool, to cope with spikes in traffic.
  • Document retry_delay in connection pools.
  • Allow checksimul in rlm_couchbase.
  • Use kqueue on systems which support it. This allows for better scaling when using many sockets.

Bug Fixes

  • Parse list qualifiers in generic LDAP 'valuepair_attribute' attributes correctly.
  • Fix issue where prefix length would be ignored for dynamic or static clients if the address matched INADDR_ANY (0.0.0.0).
  • Allow null user object filter in rlm_ldap, it's valid to specify a complete object DN and use the base scope.
  • Don't SEGV if a received attribute value in a JSON structure is null, or a value can't be stringified.
  • Don't assert if the server returns a JSON content-type and the server hasn't been built with support for JSON. Closes #808.
  • Set CURLOPT_NOSIGNAL to prevent curl from handling signals and causing a longjmp error when the server was running with threads.
  • Allow tabs after attribute names in the "users" file. Closes #796.
  • Free unknown DICT_ATTRs. Closes #795
  • Handle unknown attributes in the conditions and "update" sections. e.g. Attr-1.2.3.4 = foo.
  • Use correct array size for MS-CHAP new password.
  • In rlm_rest, check for older versions of libraries at start time, rather than when a packet comes in.
  • Don't call detach on parse error in rlm_perl. Closes #802.
  • Integer fixes for big-endian systems. Closes #803.
  • Don't optimize %{Packet-Src-IP-Address}. Closes #804.
  • dhcpclient loads dictionaries correclty. Closes #805.
  • double quotes are no longer escaped in single-quoted strings. e.g. 'foo "hello" bar'.
  • Fixes for proxying to virtual servers broke the detail file reader. Now they both work.
  • Typos and fixes from Nikolai Kondrashov.
  • Fixes to OpenSSL version checks, for cross-platform issues.
  • cppcheck fixes from Herwin Weststrate.
  • Fix build for OSX Yosemite
  • Merge DHCP sub-options. Closes #812.
  • Fix decoding of Starent attributes.
  • When a module asks for a connection, don't return idle connections.
  • LDAP connection timeouts will now retry, instead of failing.
  • Prevent race conditions between fork and wait for child. Patch from James Rouzier.
  • Fix triggers for connection pools. Patches from Nikolai Kondrashov.
  • Fix SEGV when comparing non string type check items.
  • Build with newer versions of libmysqlclient.
  • make the %{escape:} and %{unescape:} xlat functions UTF8 safe.
  • Don't escape UTF8 chars in SQL query strings.
  • Fix issue in cached LDAP group comparisons, which caused checks to sometimes fail.
  • Fix use after free issue in unlang switch evaluation.
  • Respect operators in rlm_cache when merging into the current request.
  • Update Cache-Entry-Hits each time rlm_cache is called.
  • Produce WARN messages if SQL queries are empty strings.
  • Fix invalid assertion when proxying CoA requests.
  • Allow empty strings in "case" statements. Closes #836.
  • Normalize escaping for string expansions. i.e. don't do double escaping in rare situations.
  • Normalize LDAP escaping. LDAP servers have multiple ways to escape things, so the data has to be normalized before we can compare two LDAP DNs.
  • Don't go to high debug level if we're proxying inner EAP as EAP. Closes #839.
  • Fix rlm_rest state handling. Closes #835.

18 November 2014 - Version 2.2.6 has been released.

The focus of this release is stability.

Feature improvements

  • When supported by OpenSSL, allow TLS 1.1 and TLS 1.2 in EAP methods.

Bug Fixes

  • Fix redundant-load-balance blocks to try other modules in the group if one fails.
  • Fix potential read into uninitialised memory in rlm_pap when normalising octet type attributes containing password hashes. This is very unlikely to happen in the wild.
  • Don't stop decoding DHCP options if we find a padding option.
  • Define sig_t on systems which don't have it. Closes #765
  • When clients are loaded from SQL, allow them to be tied to a virtual server.
  • Prevent race conditions between fork and wait for child. Patch from James Rouzier.
  • Allow UTF-8 characters in SQL.
  • Back-port udpfromto fixes from v3

10 Sept 2014 - Version 3.0.4 has been released.

The focus of this release is stability.

Feature improvements

  • Home server "response_window" can now take fractions of a second. See proxy.conf.
  • radmin now supports "show module status", as the counterpart to "set module status"
  • Added dictionary ericsson.packet.ccore.networks, bluecoat, citrix, compatible, riverbed, ruckus, and RFC 7268.
  • Add %{tag:} expansion to get the tag value of an attribute.
  • Report 'application_name' in connections to PostgreSQL servers. FreeRADIUS connections will now appear as 'FreeRADIUS <version> - <name>' in pg_stat_activity.
  • All config item fields are now type checked at compile time to prevent issues similar to #634 occuring again.
  • Modify pairparsevalue to deal with embedded NULLs better, and use the binary versions of attribute values in rlm_ldap.
  • "ipaddr" will now use v6 if no v4 address is present. You should use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
  • The above applies to "listen", "home_server", and "client" sections.
  • "client" sections will allow "ipaddr = 192.192.0/24". The old "netmask" is still accepted, but the new format is preferred.
  • Allow custom HTTP headers to be set for rlm_rest requests using control:REST-HTTP-Header (attributes consumed after use).
  • Extend format of %{rest:} expansion to allow HTTP method and POST data to be specified e.g. %{rest:POST http://example.org/api foo=bar&baz=boink}.
  • Add %{hmacsha1:&data &key} and %{hmacmd5:&data &key} expansions for signing data in requests.
  • rlm_cache now consumes its control attributes to make runtime configuration easier.
  • Add control:Cache-Read-Only which when set to 'yes' will make the cache module merge existing cache data, but not create new entries.
  • Add %{unescape:} and %{urlunquote:} expansions to reverse escaping and urlquoting.
  • Add support for aliases in rlm_ldap.
  • Add support for connection pool sharing to all modules that use the connection pool (pool = <instance>).
  • "tls" sections now have a "psk_query" configuration item, for dynamic queries to discover a key from a PSK identity.
  • Preliminary support for EAP channel bindings.
  • Foundational work for dynamic home servers. They do not yet work, but this is now only a matter of updating the "realm" module in a future release.
  • Support &attr[*] syntax to copy all instances of an attribute when used with the += operator in an update section. May be qualified with a tag.
  • The logintime and expiration modules can now be listed in the post-auth section. This makes some configurations simpler.
  • Allow comparison of integer attributes of different sizes, without requiring a cast.
  • rlm_sqlippool is now IPV6 capable. Set "ipv6 = yes" to get Framed-IPv6-Prefix returned. The SQL queries have NOT been updated. Please submit patches.
  • The debian build now checks for the OpenSSL package with the heartbleed fix, and if found, sets: allow_vulnerable_openssl = 'CVE-2014-0160'
  • allow bootstrap from multiple files in sqlite driver.

Bug Fixes

  • make case-insensitive regular expressions work again, and add tests for them.
  • A few more talloc parenting issues
  • Fix delayed proxy reply handling. Closes #637
  • Fix OpenSSL initialization order when using RADIUS/TLS. Fixes #646
  • Don't double-quote strings in debugging messages
  • Fix foreach / break. Fixes #639
  • Chargeable-User-Identifier, ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id should be "octets" types in the default dictionary.
  • Fix typo in mainconfig. Fixes #634
  • More rlm_perl fixes. Fixes #635
  • Free OpenSSL memory on clean exit.
  • Fix <attr>[0] !* ANY - Was removing all instances of <attr>
  • Fix case where multiple attributes were returned from RHS of mapping, as with rlm_ldap. Fixes #652
  • Fix corner case in cursor where using fr_cursor_next_by_da after calling fr_cursor_remove may of resulted in a read of uninitialised memory.
  • Don't SEGV if all connections to a database server go away. Fixes #651.
  • Fix issue where <attr> -= <value> was not removing tagged instances of <attr> equal to <value> (only untagged).
  • Fix issue where tag values were not being set on attributes created with unlang/ldap update blocks.
  • Create rlm_sqlcounter attributes as integer64 types instead of integer types, so large counter values can be specified.
  • Fix issue where specifying a dynamic client IP addresss using FreeRADIUS-Client-IPv6-Prefix or FreeRADIUS-Client-IP-Prefix may have caused a validation error.
  • Don't print two "&" for messages about attribute or list references in debug output.
  • Fix urlquote and escape to encode Unicode characters correctly.
  • Fix redundant-load-balance blocks to try other modules in the group if one fails.
  • Fix issue with rlm_pap password normalisation where 'known good' password strings stored in octets type attributes, would be sometimes misnormalised as base64.
  • Don't stop processing DHCP options if we find a 0x00 padding option.
  • Fix issue where modifying the value of an attribute created from a template with a literal value, may have resulted in the template literal being freed.
  • Fix parenting issues in tls code which may have resulted in memory corruption and crashes.
  • Fix issue in radsniff where writing to PCAP files and using -R response filters, where the requests would still be written to the PCAP for non matching responses.
  • Define __APPLE_USE_RFC_2292 so that the server builds with IPv6 support on OSX.
  • Fix LDAP group lookups for named rlm_ldap instances. Note that attribute references should be used when checking LDAP-Group attributes. e.g. if (&LDAP-Group == 'foo').
  • Delayed attribute references can now be used in unlang existence checks. i.e. if (&Attribute-Name) { ... }
  • Fix issues in EAP-PWD. CVE-2014-4731, CVE-2014-4732, and CVE-2014-4733. There is no external authentication bypass.
  • Fix a number of uses of the talloc parent/child reference.
  • Release connection used for reading bulk clients in rlm_ldap.
  • rlm_rest is now fail-safe if it's used without any configuration
  • Pull in build fixes for FreeBSD from ports.
  • Fix error in sqlite postauth query
  • Evaluate argument to "switch" statements once, instead of for each "case" statement.
  • Define sig_t on systems without it. Closes #765.
  • Fix boundary issue with rlm_rest. Closes #768
  • Optimize "%{Attribute-Name}" in comparisons only if the dictionary types match.
  • Don't do chmod() in rad_mkdir() if the directory already exists. We might not have permission to change it.
  • Use getpwnam_r() and getgrnam_r() on systems which support it. Closes #775.
  • Clients loaded from SQL are now tied to the "listen" section of a virtual server, instead of being global.
  • Check for -lpcre. The system might have pcre.h without -lpcre.
  • When proxying to a virtual server, use the proxy_reply instead of ignoring it.
  • Fixed typos in DHCP SQL IPPool.
  • Fix crash when passing multiple arguments to Perl xlat.

12 May 2014 - Version 3.0.3 has been released.

The focus of this release is stability.

Feature improvements

  • Everything now builds with no warnings from the C compiler, clang static analyzer, or cppcheck.
  • rlm_ldap now supports defining the LDAP attribute name via backticked expansion (i.e. shell command) in RADIUS <-> LDAP mappings.
  • rlm_ldap now supports older style generic attributes.
  • dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed.
  • Static regular expressions (e.g. /a*b/) are now parsed when the server starts. Syntax errors in the strings are caught, and a descriptive error is printed.
  • dynamic expansions are cached after being parsed. They are no longer re-parsed at run-time for every request.
  • regular expressions are now parsed and cached when the server starts.
  • Added the %{rest:} expansion to rlm_rest, which will send a GET request to the URL passed as the format string. Any body text will be written to the expansion buffer.
  • rlm_rest now available as a debian package.
  • When an 'if' condition statically evaluates to true/false, unlang does more static optimization. For examples, see src/tests/keywords/if-skip
  • All modules are marked as safe for '-C', which lets the dynamic expansion checks work in more situations.
  • Added 'none' and 'custom' rlm_rest body types. 'custom' allows sending of arbitrary expanded text and content-type headers.
  • Added "config" section to Perl. See mods-available/perl
  • Added '%v' which expands to the server version - Patch from Alan Buxey.
  • more mis-matched casts are caught in "if" conditions, and descriptive errors are printed.
  • Support basic response validation in radclient. This allows administrators to write local test cases for their site-specific configurations.
  • Removed radconf2xml and radmin "show client config" and "show home_server config".
  • Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf"
  • Catch underlying "heartbleed" problem, so that nothing bad happens even when using a vulnerable version of OpenSSL.
  • Add locking API for sql_null, linelog, and detail modules, which should improve performance and work around issues on platforms with bad file locking.
  • Allow DHCP NAKs to be delayed, via setting reply:FreeRADIUS-Response-Delay = 1
  • Allow tag and array references anywhere attributes are allowed in "unlang".
  • many enhancements to radsniff, including output to collectd, ipv6 support and packet loss statistics.
  • Many dictionary updates (ZTE, Brocade, Motorola).
  • rlm_yubikey now automatically splits passwords from OTP strings.
  • The detail file reader is now threaded by default. This should improve performance reading the files.

Bug Fixes

  • Fix xlat expression %{attribute[n]} so that it actually returns the n'th attribute instead of the first one.
  • Don't parse string on RHS of update {} when using unary operators (!*). The RHS should always be ignored.
  • Check for more optional functions in json-c so we can Build with libjson0, which is the name of the json-c package on debian/ubuntu.
  • Fix issue in radmin where the main dictionaries would not be loaded which, depending on the configuration, may have caused validation errors.
  • Fix handling of "%{reply:3GPP-*}"
  • Fix rlm_perl garbage attributes
  • Fix oracle SQL queries, which amongst other things still used the old expansion format, which is no longer supported/parsed.
  • Truncate long format strings and error markers instead of omitting them.
  • Fix multiple attribute parsing in rlm_rest JSON.
  • Don't crash in rlm_rest if connect_uri is commented out in the configuration.
  • Don't double-escape strings to / from Perl. You may need to double-check your Perl scripts if they use "\" characters. See mods-available/perl for documentation.
  • Don't re-run "authorize" if a home server fails to respond.
  • Don't append "0x" to hex output of octets types, for xlat expansions. This is the same as v2, and makes it easier to concatenate multiple attributes of type "octets"
  • FreeBSD fixes for execinfo linking.
  • Make some of the module configurations more consistent.
  • Fix corner cases where STDOUT wouldn't be closed in daemon mode.
  • Re-enable "update coa" and originating CoA requests.
  • Prevent multiple threads writing to the sql query logs.
  • Fix zombie period calculation. Closes #579
  • Properly parent VPs for talloc, when moving them in map2request.
  • Various fixes for talloc parent / child relationships
  • Allow rlm_counter to support VSAs.
  • Normalize return codes for many modules. "do nothing" is noop, not "ok".
  • Run Post-Proxy-Type Fail. Closes #576
  • Fix DHCP destination port for replies to relays. Closes #591
  • Do-Not-Respond policy works again Closes #593
  • Proxy-To-Virtual-Server works again. Closes #596
  • Build fixes for ancient systems. Closes #607, #608, #609.
  • %{Module-Return-Code} works again. Closes #610.
  • Don't increment statistics for Status-Server responses. Closes #612.
  • A duplicate request isn't a duplicate if the original one is marked "done". This should lower retransmissions from clients.
  • Fix multiple regular expression and glob memory leaks.
  • Don't allocate any memory in fr_fault() as it can cause malloc to deadlock.
  • Temporarily set dumpable flag before calling system in fr_fault() else the debugger may not be able to attach.
  • Set nonblock on all TCP client sockets.
  • Fix minor buffer overrun in mschapv2 where some attribute strings were not correctly \0 terminated.
  • Fix crash on authentication failure with MIT kerberos.
  • Fix code so that octal escape sequences aren't prematurely unescaped in rlm_sql, radclient, preprocess, and other places. This may require configuration changes, as these sequences will no longer need double escaping (\\) of the backslash.
  • The connection pools no longer have one connection used twice in certain rare conditions.
  • Use self pipes for internal signals. The code was there, but was unused.
  • Don't crash if there are outstanding EAP sessions and were told to exit gracefully.
  • Fix typo in dictionary.rfc4072

28 April 2014 - Version 2.2.5 has been released.

The focus of this release is stability.

Feature improvements

  • Update dictionary.terena and dictionary.zte.
  • Expose server version via %v. Patch from Alan Buxey.
  • Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf"
  • Catch underlying "heartbleed" problem, so that nothing bad happens with EAP even when using a vulnerable version of OpenSSL.

Bug Fixes

  • Minor changes to build on Sun.
  • Print non-ASCII characters as octal in linelog. Closes #578.
  • Fix zombie period calculation. Closes #579

21 March 2014 - Version 3.0.2 has been released.

The focus of this release is stability.

Feature improvements

  • secret keys and LDAP / SQL passwords are now printed as '<<< secret >>>' in debugging mode. Use -Xx to see the actual passwords.
  • Print out more information about passwords in -Xx, including hashes, comparisons, etc.
  • Allow cast (and implicit conversion) of integers to IPv4 addresses
  • More xlats allow attribute references. This means they can operate on binary data. e.g. expr, base64, md5, sha1.
  • Added more tests.
  • The dictionaries are now auto-loaded. raddb/dictionary should no longer have $INCLUDE ${prefix}/share/dictionary
  • A "panic_action" can be set to have the server dump a gdb log on SEGV or other fatal error. See radiusd.conf
  • Add support for SHA-224, SHA-256, SHA-384, SHA-512 to rlm_pap.
  • Add "%{sha256:}" and "%{sha512:}" xlat functions.
  • Cache CUI in EAP session resumption.
  • templates can now have sub-sections, which will be included in the section referencing the template.
  • Update more dictionaries.
  • Added more instances of the "always" module, for all return codes.
  • Suppress broken NASes when proxying. Retransmits which occur more than once per second are rate-limited to once per second.
  • Allow '&' in more xlat expansions.
  • Update PostgreSQL schema and queries to record last updated time, and accounting interim.
  • Optimize more "if" conditions when the server loads. This will avoid work at run time. e.g. ("foo" == "bar") --> FALSE.
  • Allow removal of all attributes within a list with !* operator.
  • Allow list to list copies with request qualifiers (outer.).
  • Add support for ipv4 prefixes and ipv6 addresses and prefixes to %{integer:}.
  • allow radmin command "set module status <module> <code>" which can be used to forcibly enable/disable modules.
  • pap module now assumes Cleartext-Password if Password-With-Header doesn't have a {...} header.
  • Added "unpack" module. It can unpack binary data from horrible VSA formats. See raddb/mods-available/unpack
  • Added example IP Pool for DHCP, using sqlite. From Matthew Newton See raddb/mods-config/sql/ippool-dhcp/

Bug Fixes

  • Fix SQL groups.
  • Fix operation of fr_strerror() with RE*() macros.
  • Don't assert if the connection we're trying to reconnect is not in_use.
  • Fix %{mschap:User-Name} xlat.
  • Allow comparisons of signed integers and of ethernet addresses.
  • Fix parsing of text-based ascend binary filters.
  • Fix a few minor Coverity and clang analyzer issues.
  • Log WARNING and ERROR prefixes only once, not twice.
  • Fix attribute truncation seen in Perl and other places.
  • Use correct port when DHCP relaying.
  • Fix behaviour on FreeBSD where sending packets from an interface bound to an IP address would fail when the server was built with udpfromto.
  • Don't abort() when freeing home servers on exit.
  • Fix edge case in pairmove() when some attributes could be over- written.
  • Do checks for individual sqlite v2 functions so rlm_sqlite builds correctly with more versions of the library.
  • In heimdal kerberos, create MEMORY ccaches on a per context basis. This prevents issues with the root ccache being used.
  • Fix corner case with proxying, where home server goes down.
  • Rate-limit "max_requests" complaint. We don't want to fill the logs when something goes wrong.
  • Use /dev/urandom for raddb/certs/random, if it exists.
  • Issue WARNING that old-style clients should no longer be used.
  • Auto-set secret to "radsec" for tcp+tls home servers.
  • Fix double free in home_server_add when there is a parse error on startup.
  • rlm_unix checks if the dictionaries are broken, instead of crashing
  • Fix potential memory corruption when normalising salted password hashes from hex, where the combined hash and salt was > 64 bytes.
  • Register sqlcounter attributes correctly, and other issues with it
  • treat 127.0.0.1/32 as being identical to 127.0.0.1
  • Don't mangle error output of SQL drivers like PostgreSQL
  • Fix usage of "tls = ${tls}". It could previously cause problems when the reference was used multiple times.
  • Fix TLS session leak for incoming sockets.
  • Try harder to clean up memory on exit when using "-mM"
  • Fix memory leak when home server is down for RadSec connections
  • rate-limit outgoing connection attempts when the home server is down. It will retry no more than once per second.
  • When parsing ipv6 address prefixes, always mask off the host portion.
  • Fix rlm_counter so that it does not create two reply attributes.
  • Fix issues with DHCP Sub-TLVs where the value of the first Sub-TLV would appear corrupted, and subsequent TLVs would not appear in debug output.
  • Initialize scope in IP address parsing
  • Prevent vendor attributes and RFC space attributes from clashing in rlm_attr_filter.
  • Set source IP address for DHCP packets from DHCP-Server-IP-Address, or DHCP-DHCP-Server-Identifier, if we're unable to otherwise determine the source IP.
  • Fix POST attribute parsing in rlm_rest.
  • Fix JSON attribute parsing in rlm_rest.
  • Don't append trailing & to POST options in rlm_rest (minor).
  • Process HTTP 100 Continue messages correctly in rlm_rest
  • Fix generation of long > 512 byte POST payloads, where attribute values on the chunk boundary may have been omitted in rlm_rest.
  • Remove duplicate escape sequence parsing in rlm_sqlippool and rlm_sqlcounter which caused issues with escaping %. Escape sequence parsing is now handled purely by the xlat functions.
  • Ensure %% is treated as a string literal, and so not passed to any xlat escape functions for processing.
  • Correct calculation of Message-Authenticator for CoA packets. Closes #556

19 March 2014 - Version 2.2.4 has been released.

The focus of this release is stability.

Feature improvements

  • A "panic_action" can be set to have the server dump a gdb log on SEGV or other fatal error.
  • allow radmin command "set module status <module> <code>" which can be used to forcibly enable/disable modules.

Bug Fixes

  • If the server fails to bind() after fork(), that is now reported to the parent, which exits with an error.
  • Session / delay times in MySQL are unsigned int.
  • Use --tag=CC for libtool. Closes 497. Because libtool is too stupid to notice that compiling means compilation.
  • Fix bug when copying attributes for vendors > 32767
  • Fix behaviour on FreeBSD where sending packets from an interface bound to an IP address would fail when the server was built with udpfromto.
  • Don't fail config check if were listening on an IP which is also a home server. Some deployments have valid reasons to loop packets back to another virtual server.
  • Use correct port when DHCP relaying.
  • Set source IP address for DHCP packets from DHCP-Server-IP-Address, or DHCP-DHCP-Server-Identifier, if we're unable to otherwise determine the source IP.

Older Press Releases

2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.