Enterprise ChangeLog

Table of Contents

See Also: Core Changelog, Masterfiles Changelog

    - Added `host bootstrap at` time fallback (ENT-6112)
    - Added comments to database schema for __hosts table (ENT-6644)
    - Inventory attribute lists are now ordered by name (ENT-6456)
    - Fixed redirect after host delete to dashboard (ENT-6427)
    - Fixed inventory report columns adding when an empty filter has applied
    - Fixed sys.release for Windows Server 2019 (ENT-4496)

        Packaging changes:
    - Mark debian 7,8, ubuntu 14, and rhel 32bit as exotics (ENT-6934)
    - Removed references to ldap-api repo (ENT-6448)
    - Use SHA-256 to checksum deps - 3.12.x (ENT-6774)
    - Use sha256 checksum for verifying deps (ENT-6774)
    - Update openssl from 1.1.1g to 1.1.1k
    - Update libxml2 from 2.9.10 to 2.9.12
    - Update apache from 2.4.46 to 2.4.47
    - Update postgresql from 10.16 to 10.17

    - Added "copy-to-clipboard" buttons on host info page (ENT-5044)
    - Fixed JavaScript error: `JSON.parse: unexpected character at line 1`
    - Fixed JavaScript error: `can't access property 0` (ENT-6056)
    - Fixed `remember me` option on the login page, inactivity threshold
      before getting automatically logged out was set to 72 hours (ENT-6106)
    - Fixed overlapping of modal windows (ENT-6094)

        Packaging changes:
    - Added build number to coreos and generic tarballs (ENT-4981)
    - Corrected AIX release version (ENT-5967)
    - Updated rsync from 3.1.3 to 3.2.3
    - Updated LMDB from 0.9.24 to 0.9.26
    - Updated libcurl from 7.70.0 to 7.72.0
    - Updated php from 7.2.30 to 7.2.34
    - Updated postgresql from 10.12 to 10.14
    - Updated git from 2.26.2 to 2.28.0
    - Updated apache from 2.4.43 to 2.4.46
    - Updated libcurl-hub from 7.70.0 to 7.72.0
    - Updated openldap from 2.4.50 to 2.4.53
    - Updated libyaml from 0.2.4 to 0.2.5

    - Fixed timing issues causing "patch failure" errors in reporting

    Packaging changes:
    - Fixed permissions on /opt/cfengine for Federated Reporting cftransport user (ENT-5438)
    - RHEL 8 CFEngine packages now rely on system OpenSSL libraries
    - Updated openssl from 1.1.1f to 1.1.1g
    - Updated libyaml from 0.2.2 to 0.2.4
    - Updated openldap from 2.4.49 to 2.4.50
    - Updated libcurl-hub from 7.69.0 to 7.70.0
    - Updated apache from 2.4.41 to 2.4.43
    - Updated git from 2.25.1 to 2.26.2
    - Updated php from 7.2.28 to 7.2.30
    - Updated libcurl from 7.69.0 to 7.70.0

    - Added tables to cleanup on host delete (ENT-5399)
    - Fixed cfdb schema migration during upgrades (ENT-5399)
    - Fixed failure renaming __status table on upgrades (ENT-5396)
    - Added ON_ERROR_STOP true to catch SQL errors earlier (ENT-5115)
    - Added `created by` column to shared dashboard list (ENT-5229)
    - Added management of account expiration for Windows user promises
    - Added possibility to clone shared dashboards (ENT-5232)
    - Added possibility to share dashboards with specific users or roles
    - Added username into apache request notes for using in access logs
    - Added warning when user with no assigned role uses Mission Portal
    - Dashboards are no longer required to have unique names (ENT-5320)
    - Changed postgresql connection hostname to use a unix-domain socket by default
    - Fixed `matches` inventory filter condition when slist had only 1 item.
    - Fixed an issue with the client_history_timeout in cf-hub (ENT-4409)
    - Fixed displaying all alerts after clicking on a widget
    - Fixed help indicator UI bug (ENT-4819)
    - Fixed host search in Mission Portal which was returning "500 - Internal Server Error"
    - Fixed inventory report scheduling in case of applied filter to a report.
    - Hosts that have not reported yet are no longer filtered out when RBAC is disabled (ENT-4712)
    - Inventory attribute list on widget adding was improved:
      - added search box
      - attribute list was alphabetized and grouped by category.
    - Reduced false positives in 'Last agent run unsuccessful' health check
    - Removed application/logs/index.html (ENT-5255)
    - cf-hub: Fixed potential buffer overflow when parsing monitoring data

    Packaging changes:
    - Added explicit build numbers to win,solaris,hpux builds (INF-1253)
    - Added checks for database state to avoid error messages during install
    - Added username from apache request notes to access log (ENT-5138)
    - Made Mission Portal application log relocation more resilient
    - Tightened Postgresql access permissions
      - Removed executable bit from unix socket
      - Removed local TCP access rules
    - Added OS specification to deb filenames (ENT-5306)
    - Added OS specification to rpm filenames (ENT-5306)
    - Added OS specification to solaris filenames (ENT-5306)

    - Added decommissioned hosts widget to dashboard (ENT-4603)
    - Changed hosts include/exclude API to POST method (ENT-4636)
    - Fixed date extraction from table name in
      promise_log_partition_cleanup postgresql function (ENT-4588)
    - Fixed small memory leak when using HA (ENT-4586)
    - Admin user is allowed to delete not reported hosts (ENT-4942)
    - Hub now properly logs an error if license counts are exceeded

    Packaging changes:
    - Added proper release number to BFF packages (ENT-4691)
    - Built packages now include mdb_load and mdb_copy lmdb utilities
    - Packaged xfs filesystem image with accompanying scripts for coreos
    - Enabled Zlib extension in PHP to support png images with alpa channel
    - Fixed OOTB https redirection when hostname -f contains uppercase
    - Set group ownership for install log to system on aix (ENT-4733)
    - Key rotation now waits for postgresql to be available (ENT-4853)
    - Eliminated git commands and other commands in post install script
    - Added 10 minutes threshold to "Agent not run recently" health
      diagnostics category to avoid showing false positive warnings in
      case of manual cf-agent execution. (ENT-4228)
    - Skip validation of required fields to be able to update only needed
      settings via LDAP API (ENT-4881)
    - Update lmdb from 0.9.23 to 0.9.24
    - Update openssl from 1.1.1b to 1.1.1d
    - Update sasl2 from 2.1.26 to 2.1.27
    - Update libiconv from 1.15 to 1.16
    - Update libxml2 from 2.9.9 to 2.9.10
    - Update openldap from 2.4.47 to 2.4.48
    - Update libcurl-hub from 7.64.1 to 7.67.0
    - Update apache from 2.4.39 to 2.4.41
    - Update postgresql from 10.7 to 10.11
    - Update php from 7.2.18 to 7.2.24
    - Update libcurl from 7.64.1 to 7.67.0
    - Update git from 2.21.0 to 2.24.0

    - Added 'What is new in cfengine 3.12.2' tour guide (ENT-4593)
    - Added HTTP's POST method support to the host API (ENT-4215)
    - Added Health diagnostic API (ENT-4444)
    - Added cleanup_historical_data function to SQL schema (ENT-4365)
    - Added data transfer module for transferring Mission portal
      settings between hubs. (ENT-4126)
    - Added login to API by LDAP user test (ENT-4363)
    - Added missing slash in async query result URL. Use server name instead of server addr
      in async query result URL (ENT-4553)
    - Added new widgets to default dashboard after upgrade (ENT-4301)
    - Added possibility to dismiss Health indicators (ENT-3950)
    - Allowed inventory API to use multiple values for one filter. (ENT-4371)
    - Changed column type from integer to biginteger for existing tables (ENT-4350)
    - Changed host tree request to the backend (ENT-4215)
    - Changed m_host to vm_hosts in Health diagnostics API to avoid
      querying to the protected materialized view
    - Changed trigger to refresh m_hosts from EACH ROW to EACH STATEMENT (ENT-4443)
    - Clarified error message when report collection data is invalid (ENT-4495)
    - Denied use of materialized view over QUERY API (ENT-4477)
    - Stopped logging each time no pending alerts found (ENT-4235)
    - Fixed Host API deletion status codes (ENT-4265)
    - Fixed detection of recent Windows versions (ENT-3363)
    - Fixed editing sub-category dialog title (ENT-791)
    - Fixed hanging reports with no errors in logs (ENT-4397)
    - Fixed host tree to show hosts when the uncategorized view is selected (ENT-4461)
    - Fixed 404 page (ENT-4270)
    - Fixed basic authentication for REST API (ENT-4349)
    - Fixed violation of unique constraint variables_dictionary_attribute_name (ENT-4342)
    - Fixed up inventory API limit in case of NULL value (ENT-4585)
    - Fixed display of inventory widgets with duplicate values (ENT-4464)
    - Fixed display of license expiration in Mission Portal (ENT-4385)
    - Fixed wrong file owner of generated scheduled reports (ENT-4600)
    - Fixed 2 small memory leaks in enterprise agent (ENT-4313)
    - Fixed a segmentation fault in parsing of reporting data
      If csv files in /var/cfengine/state/ (generated by agent runs)
      were corrupted, cf-serverd would crash while reading them.
      See corresponding commits in nova and core. (ENT-4505)
    - Fixed an issue with error handling in cf-hub delta queries
      cf-hub will now attempt a rebase if it cannot obtain the
      last report timestamp. This change only affects scheduled
      runs, not when invoked with `--query delta` from command
      line. This also means that hosts which are not present in
      status table will be rebased (not delta from 0). (ENT-4319)
    - Fixed edge case memory leak in enterprise agent/server (ENT-4313)
    - Fixed memory leaks in cf-hub (ENT-4313)
    - Fixed small memory leak in enterprise hub / agent (ENT-4313)
    - Fixed typo in host count widget
    - Fixed filtering on software available and installed reports (ENT-4278)
    - Fix up promise_log_partition_cleanup function (ENT-4588)
    - Moved Health diagnostics from Mission portal to API (ENT-4444)
    - Prevented segmentation fault in enterprise API when LicenseInfo is empty
    - Improved readability of reporting information on host info page (ENT-4531)
    - Renamed "IP Naming" to "Report Collection" (ENT-4471)
    - Renamed the 'Status' table to '__Status' with RBAC-checked view (ENT-4331)
    - Simplified error handling and messages for failed report collection (ENT-4495)
    - Updated links to postgresql docs to match running version (ENT-4436)
    - Changed to HTTPS protocol in CLI commands (ENT-4361)
    - Deduplicated license slot usage based on lastseen (ENT-4595)
    - Added validation of variable types in cf-hub (ENT-4507)
    - Fixed small memory leak when using HA (ENT-4586)

        Packaging changes:
    - Stopped checking for absence of postgresql directory before migration
    - Fixed cfengine3 init script in AIX RPMs (ENT-4305)
    - Refactored PostgreSQL migration (ENT-4353)
    - Set explicit permissions on the install log file (ENT-4506)
    - Prevented password operations from being loged (ENT-4512)
    - Updated CodeIgniter from 3.1.3 to 3.1.10 (ENT-4486)
    - Updated lcov from 1.13 to 1.14
    - Updated lmdb from 0.9.22 to 0.9.23
    - Updated pcre from 8.42 to 8.43
    - Updated sasl2 from 2.1.26 to 2.1.27
    - Updated libiconv from 1.15 to 1.16
    - Updated libxml2 from 2.9.8 to 2.9.9
    - Updated libyaml from 0.2.1 to 0.2.2
    - Updated openldap from 2.4.46 to 2.4.47
    - Updated libcurl-hub from 7.62.0 to 7.64.1
    - Updated apr from 1.6.5 to 1.7.0
    - Updated apache from 2.4.35 to 2.4.39
    - Updated git from 2.19.1 to 2.21.0
    - Updated postgresql-hub from 10.6 to 10.7
    - Updated php from 7.2.12 to 7.2.18
    - Updated libcurl from 7.62.0 to 7.64.1
    - Updated OpenSSL from 1.1.0i to 1.1.1b

    - Cleaned up grammar in bootstrap tour (ENT-3912)
    - Export with several order by expressions was fixed. (ENT-3943)
    - Fixed an issue where inventory filter value could not be changed
      after clicking close button. (ENT-3919)
    - Fixed an issue with manual cf-hub delta queries
      When invoked manually (cf-hub --query delta) it would request
      the wrong starting timestamp from client, causing patch failures.
    - Handle unauthorized XHR requests. (ENT-3992)
    - Hide edit user possibility for external users. (ENT-3940)
    - Link to host page was added in Inventory report. (ENT-516)
    - Method to define the default inventory filter condition was fixed.
    - Remove wrong code that produces warnings from cli_tasks. (ENT-3928)
    - Export reports in chunks to better handle long-running and/or large
      reports (ENT-3870)
    - Show license reminder when licenseGranted more than 25. (ENT-3653)
    - Silenced error about row number in error_log (ENT-3565)

        Packaging changes:
    - Double default max_stack_depth in postgresql.conf (ENT-2653)
    - Explicitly set unix_socket_group (ENT-4170)
    - Keep specified files in htdocs dir during the update (ENT-4063)
    - Make runalerts.php executable. (ENT-3921)
    - Only attempt to generate key during install if not present on windows
    - Only start previously running processes on package upgrade (ENT-3972)
    - Try to preserve postgresql.conf on upgrades (ENT-4089)
    - Update PostgreSQL from 10.4 to 10.6
    - Upgrade libacl from 2.2.52 to 2.2.53
    - Update libattr from 2.4.47 to 2.4.48
    - Update OpenSSL from 1.1.0h to 1.1.0i
    - Update libcurl from 7.60.0 to 7.62.0
    - Update php from 7.2.6 to 7.2.12
    - Update git from 2.17.1 to 2.19.1
    - Update apache from 2.4.33 to 2.4.35
    - Update apr from 1.6.3 to 1.6.5
    - Update libcurl-hub from 7.59.0 to 7.62.0
    - Update libyaml from 0.1.7 to 0.2.1

    - Get cmdline info about all processes at once on windows (ENT-2536)
    - Redis database and cf-consumer are no longer used
      All reports are applied to postgres from cf-hub worker threads.
      Logging and measurements have been updated to reflect this change.
      Reporting statuses (success, failure, rebase, retry) are no longer
      duplicated in these two databases. All statuses are stored and read
      from postgres
      The diagnostics measurement redis_processing_time_per_host has been
      replaced by hub_processing_time_per_host, tracking the time
      hub uses to apply reports to postgres (excluding time spent
      collecting report from client) (ENT-2814)
    - Added ability to exclude specific hosts from dashboard alert conditions
    - Added the option to skip mailing scheduled reports if 0 records added
    - System V init now notifies when it skips managing postgres because of HA
    - Inventory charts were added to dashboard (ENT-3234)
    - Custom SQL-based condition type was added (ENT-3553)
    - Remove old LDAP implementation
      /api/settings only supports ldapHost(ldapApiUrl) and ldapEnabled(ldap or
      internal) now. All other settings are managed with /ldap/settings API.
    - Mail settings were added into Settings and Welcome tour parts
    - Warn when attempting to delete missing *.diff file during serving rebase
      query by cf-serverd (ENT-3261)
    - Ensure that runalerts.php is shutdown when using sysvinit (ENT-3310)
    - Categorization view sharing in the hosts app fixed (ENT-3110)
    - Add default alert for failed policy deployment (ENT-3436)
    - Increase auto-increment limits for __PromiseLog, __MonitoringMgMeta,
      __MonitoringYrMeta tables (ENT-3404)
    - Add b-tree index for variable value - improving inventory and variable
      table equality and 'like' lookup performance (ENT-3393)
    - Improve loading of monitoring app (ENT-3232)
    - Reordered --help output and fixed smaller inconsistencies (ENT-3562)
    - Validate Class Regex properly in Mission Portal Hosts tree (ENT-3340)
    - Increase password limit to 100 characters (ENT-2767)
    - Sync masterfiles-stage with core-contrib (ENT-3434)
    - Remove extra column "host key" in report export (ENT-3102)
    - Inventory Policy Release ID by default (CFE-2097)
    - Fixed lastseen interval values in LastSeenHosts report (ENT-3320)
    - Include Agent Execution Status report in rebase query replies (ENT-3246)
    - Disable Design Center by default (ENT-3462)
    - Added inventory API
    - Speed up host tree loading (ENT-3474)
    - Include time to pack reports in benchmarks (ENT-3323)
    - Fix multiple users to subscribing to same report
    - Added Event API
    - Ignore non numeric values in free disk space report (ENT-3305)
    - Added Host count API and trend widget for dashboard (ENT-3484)
    - Inventory UI now uses inventory API (ENT-2801)
    - Increased cf-hub network timeout from 10 to 30 seconds (ENT-3153)
    - Changed exit codes of cf-hub to be much more useful
      In short, when using --query, exit code will be number of failed
      host report collections, up to 100. 101+ are reserved for specific
      error conditions. (ENT-3829)
    - Added an error summary when running cf-hub --query
    - Remove count of updates installed from host info page
      Updates installed are only available for some platforms and only from the legacy
      package promise implementation. It is being removed to avoid making users think
      no patches are installed when the platform doesn't differentiate patch installs
      from base packages (ENT-3401)
    - Query API response now properly informs of invalid requests (ENT-3226)
    - New type of report was added to identify hosts likely using same identity
    - Report Hosts never collected from was added to health diagnostics (ENT-3551)
    - Windows 10 OS is now correctly detected for platform classes (ENT-3363)

    Packaging changes:
    - Optimise Windows version generation
    - Use share/GUI as template when purging httpd/htdocs dir (ENT-3217)
    - Removed obsolete options from PostgreSQL config (ENT-3656)
    - Added cf_net.exe to msi packaging
    - Remove package installation of cf-twin (CFE-2029)
    - Remove unused sysconfig variable RUN_CF_HUB (CFE-2739)
    - Run ldap migration script in postinstall.sh (ENT-3284)
    - Ensure Enterprise Hub package upgrade aborts when backup fails (ENT-3336)
    - Enable LDAP support in PHP (ENT-3373)
    - Run ldap post-install.sh after installation (ENT-3382)
    - Set default memory_limit for php to 256M (ENT-3391)
    - Upgrade using pg_upgrade instead of dump/restore (ENT-3398)
    - Remove libphp5.so (ENT-3520)
    - Remove libmcrypt dependency
    - Update PCRE from 8.40 to 8.42
    - Update rsync from 3.1.2 to 3.1.3
    - Update PostgreSQL from 9.6.2 to 10.4
    - Update git from 2.13.0 to 2.17.1
    - Update LMDB from 0.9.19 to 0.9.22
    - Update libxml2 from 2.9.4 to 2.9.8
    - Update PHP from 5.6.30 to 7.2.6
    - Update OpenSSL from 1.0.2k to 1.1.0h
    - Update CURL from 7.54.0 to 7.60.0
    - Update OpenLDAP from 2.4.44 to 2.4.46
    - Update Apache from 2.4.25 to 2.4.33
    - Update APR from 1.5.2 to 1.6.3
    - Update APR-util from 1.5.4 to 1.6.1

    - Optimize Query API by removing subsequent count query for pagination
    - cf-monitord: fix custom measurements of type counter
    - Fix saved report access by roles (ENT-3099)
    - Add button for copy host link (ENT-3096)
    - Logs from mission portal moved outside webroot folder (ENT-2758)
    - Maintain sorting of columns in export inventory report (ENT-614)
    - Can't export csv fix (ENT-3092)
    - Make host links clickable (ENT-3094)
    - Show changes reports for “today” by default (ENT-2840)
    - Add global host search (ENT-3059)
    - Add CoreOS to the default hosts tree (ENT-3135)
    - Fix bogus error messages output from cf-monitord with custom measurements
      promises (ENT-2595)
    - Add possibility to save username with dots
    - Fix disapearing hosts after upgrade (ENT-3112)
    - Enforce license expiry correctly (remove extra month) (ENT-2261)
    - Fix file descriptor leak in hub's cf-serverd with call-collected clients
    - Stop service cfengine3 status from warning on multiple httpd processes
    - Monitoring app in Mission Portal never loads (ENT-3232)
    - BugFix: allow multiple users to subscribe to same report
    - Categorization view sharing in the hosts app fixed (ENT-3110)
    - Warn when attempting to delete missing *.diff file during serving rebase query by cf-serverd (ENT-3261)
    - Clear inventory lists from braces and quotes (ENT-154)

    Packaging changes:
    - Create a tar.gz binary package for CoreOS or other systems
    - Fix: Mission Portal availability on install without running policy
    - Fix inability to correctly manage cf-postgres service after
      upgrade (CFE-2545)
    - Relocate Mission Portal application logs
      Mission Portals application logs have moved from
      /var/cfengine/httpd/htdocs/application/logs to
      /var/cfengine/httpd/logs/application (ENT-2758)
    - Set default timezone for php to UTC (ENT-3131)
    - Update autoconf from 2.60 to 2.69
    - Update curl from 7.50.3 to 7.53.1
    - Update libiconv from 1.14 to 1.15
    - Upgrade to LMDB 0.9.19
    - Remove postgresql dependency on agents in our binary packages
    - Update libcurl to 7.54.1
    - Remove libvirt dependency from our binary packages (ENT-3164)
    - Update lcov from 1.10 to 1.13
    - Update PCRE from 8.39 to 8.41
    - Update Apache from 2.4.25 to 2.4.27
    - Update Redis from 3.2.6 to 3.2.9
    - Update PostgreSQL from 9.6.1 to 9.6.3
    - Update PHP from 5.6.29 to 5.6.31
    - Upgrade openldap from 2.4.44 to 2.4.45
    - Update Git from 2.10.2 to 2.13.3

    - Upgrade CFEngine dependencies to the following versions:
      - PostgreSQL 9.6.0
      - Redis 3.2.4
      - PHP 5.6.26
      - Git 2.10.1
    - Add: Inventory for system product name (model) (ENT-2780)
    - Change: Disable TCP and redis (ENT-2761)
    - Change: Rename duplicate bodies in ha_update.cf (ENT-2753)
    - Add: Ensure appropriate permissions for SSL files (ENT-760)
    - Fix cf-serverd being launched under wrong account on Windows.
    - Enterprise: Fix Postgres database migration from 3.8- to 3.9+.
    - Hub package no longer depends on libltdl. (ENT-2714)
    - Add: Enterprise appliaction log dir to rotation
    - Change: Session Cookies use HTTPOnly and secure attribtues (ENT-2781)
    - Change: re-enable hub process maintainance
    - Change: Disable RC4 Cipher for ssl in Mission Portal
    - Change: Reduce php info leak
    - Change: Reduce Enteprise webserver info
    - Fix errors of type "No file object exsists in path" on
    - Canonify class names stored in class history log. (ENT-2821)
    - Change: Disable autocomplete for login
    - Fix a bug which incorrectly detected PostgreSQL running
      status when running "/etc/init.d/cfengine3 status".
    - Optimize Query API by removing subsequent count query for
      pagination. (ENT-2829)

    - Change: Render Mission Portal httpd.conf with mustache
      (Jira ENT-2568)
    - Change: Switch to http redirect by default (Jira ENT-2071)
    - Fix exporting CSV reports through HTTPS. (Redmine #7267)
    - Add: Bundle to generate a self signed cert for Mission Portal
    - For call collect in Enterprise, default collect_window
      setting increased from 10 to 30 seconds for reliability reasons
      in large-scale environments.
    - Upgrade CFEngine dependencies to the following versions:
      - Apache     2.4.20
      - Git        2.8.3
      - PHP        5.6.22
      - PostgreSQL 9.5.3
      - Redis      3.0.7
      - rsync      3.1.2
      (Jira ENT-2720)
    - Fix scheduled report not beeing emailed when report type is set to only contain CSV file type.
      (Redmine #3780, #7619)
    - Introduce class json log. (Redmine #7951)
    - Introduce new promise log logging. (Redmine #7887)
    - Fix broken call collect. (Redmine #7701)
    - Fix error logging to MP via HTTPS. (Redmine #7687)

        No Enterprise specific fixes for 3.8.2, see Community changelog.

    - Upgrade CFEngine Enterprise dependencies to the following versions:
      - OpenSSL   1.0.2e
      - PCRE      8.38
      - libxml2   2.9.3
      - OpenLDAP  2.4.43
      - Redis     3.0.6
      - PHP       5.6.17
      - libcurl   7.46.0
      - Git       2.6.5

    - Move hub_log from /var/cfengine to /var/cfengine/log.
    - Change in behaviour: when running "cf-hub -q -H" manual
      report collection, policy is parsed before collecting, so there must be
      valid policy in inputs directory. (Redmine #7542)
    - Introduce by field truncation for promise execution entries.
      (Redmine #7466)
    - Move promise_summary.log into /var/cfengine/log directory.

    Bug fixes:
    - CFEngine on Windows no longer truncates log messages if the
      program in question is killed halfway through.
    - For call collect in Enterprise, default collect_window
      setting increased from 10 to 30 seconds for reliability reasons
      in large-scale environments.
    - Fix package not installing on Windows 2008 32-bit. (Redmine #7478)
    - Fix not being able to delete log files while CFEngine is running on
      Windows. (Redmine #7149)
    - Fix: Typo in cf-hub error message
    - Fix resource restrictions of SQL API matching table names as substrings.
      (Redmine #7536)
    - Removed error message from cf-serverd when not finding software inventory.
      E.g. "Failed to access current state for report: 'software'".
    - Fix last agent run timestamp in Agents not reporting (health bar).
      (Redmine #7406)

    Bug fixes:
    - For call collect in Enterprise, default collect_window
      setting increased from 10 to 30 seconds for reliability reasons
      in large-scale environments.
    - CFEngine on Windows no longer truncates log messages if the
      program in question is killed halfway through.
    - Fix: Typo in cf-hub error message
    - Removed error message from cf-serverd when not finding software inventory.
      E.g. "Failed to access current state for report: 'software'".

    Behavior changes:
    - Change in behaviour: when running "cf-hub -q -H" manual
      report collection, policy is parsed before collecting, so there must be
      valid policy in inputs directory. (Redmine #7542)

    Bug fixes:
    - Fix resource restrictions of SQL API matching table names as substrings.
      (Redmine #7536)
    - Add truncation for promise attribute sizes to prevent 
      from ignoring to long reports. (Redmine: #7466)
    - Fix last agent run timestamp in Agents not reporting (health bar).
      (Redmine #7406)
    - Fix noise from internal policy to upgrade windows agents
      (Redmine #7456)
    - Fix package not installing on Windows 2008 32-bit. (Redmine #7478)

    Mission Portal:
    - Multiple dashboards
    - Dashboard sharing
    - 'Changes' report type added
    - 'Changes' widget introduced
    - Added more out-of-the-box inventory variables

    Bug fixes:
    - Fix for health status in header occasionally not loading
    - Fixed icons disappearing from host categorization dropdown after editing
        - Process matching on Windows has been rewritten, which should make
          process promises work more reliable there. (Redmine #6977)
        - Failure in output log cleanup on Windows has been fixed. (Redmine

    - Introduce Changes API
    - Remove PromiseExecutionsLog (replaced with Changes API)
    - Remove SoftwareUpdatesLog

    Bug fixes:
    - Ignore empty log messages while logging promise executions in cf-agent evaluation.
    - Fix Postgres CPU usage spikes.
    - Fix upgrate for monitoring.
    - Fix duplicate key value violates unique constraint "status_pkey" error.
    - Reduce database size in high load hub by making vacuum strategy more aggressive.

        Bug fixes:
        - Fix cleaning-up monitoring during upgrade.
    - Remove unused bundles.lmdb to reduce agent I/O usage. 
        - Redesign classes and variables storage (for reporting) to reduce I/O usage.
        - Improve API performance for DELETE requests on /api/host/:id resources. 
        Mission Portal:
        - Small CSS changes
        - Widgets & alerts view - UI changes
        - Updated links to support portal

        Bug fixes:
        - Fix "cfe_autorun_inventory_dmidecode" error message on Windows if
          Powershell is not installed.
        - Fix bogus failed promise, "cfe_internal...", as a result of indexing
          packages for the inventory screen. (Redmine #6865)

        Mission Portal:
        - LDAP settings UI improvements
        - Unsaved SQL and Inventory Reports are preserved while refreshing/navigating in browser browser
        - Help text: Added instructions to turn on Monitoring data
        - Health bar dropdown labels and reports renamed

        - Introduce automatic rebase for the client if the client have not been successfully 
          collected for defined period of time. Timeout is set by client_history_timeout 
          attibute in hub body and if it is not set, it defaults to 6 hours.
          Note: During rebase all accumulated reports up till that event 
                are ignored and not collected by the cf-hub.

       Mission Portal:
       - Added license information to header
       - General UI cleanups and small bug fixes
       - Optimization of Software Updates alert
       - Inventory reports:
         - Made software filtering case insensitive
         - Updated help text
         - Performance improvements
       - Alerts:
         - Bug fix for duplicate alerts in overview
         - Bug fixes for deleting alerts & widgets
       - Settings:
         - LDAP search filter help text & validation

       - Monitoring magnified and monitoring yearly database schema have been redesigned
         to reduce database disk space usage over time.
       - RBAC backend have been redesigned from dynamically generated tmp views 
         to static global views that use session variables for passing context filters
         and host identifier. Filtering also switched from dynamically generated queries
         to Full Text Search.
        Mission Portal:
        - UI changes: redesigned alerts + conditions overview screen
        - Layout improvement of alert results view
        - Added navigation menu buttons to dashboard + alerts screens
        - High Availability status added to header bar
        - Custom notification script UI added to settings and alert editing
        - Added 'Low disk space' alert + 'System health' widget OOTB
        - Bug fixing/small UI improvements

       - 'cf-key --install-license' installs hub-specific license key file "fqname-hostkey.dat"
         in $WORKDIR/licenses, where they can easily be managed centrally via a VCS
       - hub-specific license file is searched in $WORKDIR/licenses before license.dat is searched
         in $WORKDIR, $WORKDIR/inputs and $WORKDIR/masterfiles
       - Where appropriate, Enterprise API returns proper NULL json objects rather than literal
         "NULL" values

       Mission Portal:
       - streamlined UI for inventory reporting
       - fix username/role lookup failures if external authentication backend is case insensitive
       - reduce number of LDAP roundtrips
       - allow filtering of reports by category
       - allow reordering of widgets on dashboard
       - UI for bulk-deleting decommissioned hosts from "health" menu
       - various behind-the-scene fixes and improvements to speed up UI and reporting

       Platform support:
       - Introduced Windows support into the CFEngine 3.6 series.

       Mission Portal:
       - UI and layout improvements and cleanups
       - Dashboard and alerts introduced
       - Inventory report type and view introduced
       - Report categories introduced
       - CFEngine health indicator added to UI with links to associated reports
       - Host number indicator added to UI
       - Inline help and help pop-ups added for new features
       - Welcome tour pop-up introduced
       - Host filter UI improvements - search host name, select/deselect all
       - About CFEngine page - license and version information has moved to a dedicated page in settings
       - Fixes for IE8 compatibility
       - Added option in UI to allow logging in to Mission Portal over https
       - Design Center sketch catalog redesign - sketches can now be filtered by category, tag, or search
       - UI to reset git settings in Design Center

       - Remove --cache / -a command line option from cf-hub binary
       - Remove --index / -i command line option from cf-hub binary
       - Remove --maintain / -m command line option from cf-hub binary (Maintenance process have been implemented in the policy)
       - Remove MongoDB Diagnostics
       - Promise repaired/notkept log have been removed from report collection. It have been replaced by promise executions report.
       - Total compliance report have been removed from report collection.
       - Setuid report have been removed.
       - Promise definitions report have been removed.
       - Promise and bundle compliance reports have been removed. Their functionality have been replaced with promise executions report.
       - Reporting database and report collection architecture have been redesigned to improve performance and scalability characteristics.
       - MongoDB reporting database have been replaced with PostgreSQL 9.3
       - Context, Variable, Software Installed, Software Patches and Promise Execution reports support history over time.
         History length is controlled per report type and can be configured in cfe_internal_hub_maintain bundle.
       - Introduce new hub query type: 'rebase' ('full' query aliases 'rebase') for re-downloading full state of the client in current moment.
         Rebase query result overwrites all non-historical entries about the host in the database.
       - Include meta data contents to contexts and variables reports.

       Enterprise Rest API:
       - Rest interface for Design center
       - Additional information returned for host (lastreport and firstseen)
       - Rest API 2.2 (/rest API) have been removed.
       - Enterprise API performance have been improved.
       - SQL API table schema have been redesigned.
       - Remove API cache.
       - Pagination and sorting improvements.
       - Introduce 'hostIdentifier' setting to /api/settings.
       - Fixes in LDAP support.
       - Delete host API now additionally removes host from lastseen database as also removes host public key.

       Bug fixes:
       - Removed MongoDB
       - cf-serverd for Windows now binds to both IPv4 and IPv6 by default, not just IPv6. (Redmine #3980)
       - cf-agent now reports host packages installed and available by default. (Redmine #3257)
       - Fixed incorrect file diff generation when a line had moved within a file, and
         certain other corner cases. (Redmine #5015)
       - Windows fixes:
         - CFEngine now handles Windows newlines correctly within text files when editing or using
           the module protocol. Existing text files will keep their newline type (either LF or
           CRLF), whereas new files will get CRLF newlines. (Redmine #4733)
         - CFEngine will no longer display a blocking popup if it crashes.
         - CFEngine now reports uptime correctly on Windows.

       Enterprise extensions:
       - Remove promise_notkept_log_include, promise_notkept_log_exclude, promise_repaired_log_include, promise_repaired_log_exclude (syntax is valid but not functional)
       - Remove classes_include, classes_exclude, variables_include, variables_exclude (syntax is valid but not functional)
       - Introduce promise_handle_include, promise_handle_exclude attributes from report_data_select
       - Introduce metatags_include, metatags_exclude attributes from report_data_select
       - Deprecate export_zenoss attribute
       - Introduce promise_execution.log containing outcome and information about all executed promises.
         It can be found under cfengine/state/ data format is CSV.
       - Agent execution time have been included into benchmarks report.
       - After disabling report_data_select filtering rule, include last known value in next packaged report.

       Bug fixes:
       - purge old data for promises with long promise handles (Redmine #3438)
       - fix constraint violation in PromiseDefinitions table which resulted in error everytime this table was loaded (Redmine #3370)
       - enable update of promise definitions database from policy
       - fix cfengine3 init.d script to correctly detect debian systems with yum installed (Redmine #3589)

       Mission Portal:
       - various layout and UI fixes
       - fix editing of event trackers
       - speed up listing of hosts for promises not kept - maintain host context (Redmine #3474)
       - ability to manually add context filter in the SQL app (Redmine #3466)
       - host identifier settings simplified (Redmine #3101)

       Packaging fixes:
       - Correct php.ini path in the packaged httpd (Redmine #3445)
       - Add missing mongodb tools in ubuntu/debian hub packages (Redmine #3444)
       - Fix manpath error for SLES (Redmine #3539)
       - Fix file permissions - some policy files had executable bit set (Redmine #3521)

       - MongoDB has been upgraded to version 2.2.4
       - monitoring data has moved into a separate database
         See db-move-monitoring-to-cfmonitor.js script to migrate data

       Bug Fixes:
       - Fix segfault of cf-serverd on HP-UX
       - Do not to start a mongodb repair unnecessarily
       - cf-hub -H now supports multiple hosts

       Mission Portal:
       - Reports can be published and shared between users
       - Various UI improvements
       - Optimizations in the report engine

       Mission Portal:
       - SQL queries can be shared between users
       - Fix timing issues for downloading large SQL reports
       - Purge sketch data when no longer used by active sketches
       - Uninstall sketches that have no activation
       - Support for boolean, menu option and optional parameters in Design Center UI
       - UI fixes to user and role management pages
       - Delete navigation tree definitions of deleted uses
       - Fixes to password reset
       - General UI improvments
       - Fixes for IE8 compatibility

       - Perform a database repair from init script if unclean shutdown of mongod is detected - Redmine #3035
       - Data collection and cf-hub
           - Improved database connection handling during report collection by cf-hub.
       - REST APIs support an optional disableCache flag; when set, the backend always hits the MongoDB - Redmine #2945

       Bug Fixes:
       - don't generate ERR message during maintenance if environments couldn't be queried, changed to INFO message
       - Fix usemodule on Windows (Redmine #1884)
       - Fixed replica set detection (regression in 3.5) - Redmine #2806
       - Set correct precision format when storing db diagnostics to avoid null-values
       - Fix possible division-by-zero bug in compliance meters (Redmine #2734)

       New features:
       - Mission Portal
           - added Design Center UI to simplify sketch activation, including MP specific git settings to support version control of sketch configurations
           - re-focused apps support quick navigation
           - added persisting host and policy context between apps
           - extended the SQL builder interface with more tables
               - Added FirstReportTimeStamp into Hosts table in SQL REST API.
                 This time value represent fist report time after bootstrap,
                 already bootstrapped agents will set this with first report after update.
               - Added regular expression support to SQL queries
               - HostContext filter support in SQL REST API.
           - added global navigation trees which are only editable by admins, including the option to share trees with other users

       - REST API extensions
           - New optional parameters for REST API were added: hostContextInclude and hostContextExclude (array type)
           - PromiseContext filter support in SQL REST API.
             New optional parameter for REST API was added: promiseContext (input: all / user / system)

       - Data collection and cf-hub
           - Added set and clear triggers for persistently disabling CFEngine components.
             eg. to disable cf-monitord, run cf-agent with "-Dset_persistent_disable_cf_monitord"
             to re-enable use: "-Dclear_persistent_disable_cf_monitord"
           - Host side report content filter for class, variable, promise log and monitoring reports.
             Controlled by report_data_select body in access promise.
           - Diagnostics logging and SQL REST API for MongoDB, report collection and maintenance process on the enterprise hub.
       - Windows
           - Windows Powershell support. execresult(), returnszero() and commands promises now
             supports "powershell" as an option in addition to the "noshell" and "useshell" variants.
             "powershell" is also added as a hard class in order to test whether Powershell is available.

       - Mission Portal
           - new visual design
           - streamlined interactions for building new trees
           - trees are now loaded lazily
           - general clean-up to the tree controls
           - hosts in trees are no longer color coded
           - hosts are only classified as red, green or missing data
           - operating system tree is now loaded by default
           - SQL queries are now run by default after clicking their respective links, running a query is now primary action in the UI (#2393)
           - data and result sets can now by filtered based on navi-tree
           - logged-in user's name is visible again in the toolbar
           - removed beta apps
       - Windows
           - Improved ACL handling on Windows, which led to some syntax changes. We now consistently
             use the term "default" to describe ACLs that can be inherited by child objects. These
             keywords have received new names:
               acl_directory_inherit -> acl_default
                specify_inherit_aces -> specify_default_aces
             The old keywords are deprecated, but still valid. In addition, a new keyword
             "acl_inherit" controls inheritance behavior on Windows. This feature does not exist on
             Unix platforms.
       - Enterprise API
           - Export SQL results to sqlite3 database file
       - Data Collection and cf-hub
           - cf-hub has got an option -q to query reports from the running agent.
             This option used to reside in cf-runagent, and has been moved to cf-hub.
           - Full and delta reports send only mon and sys variables as also hosts excluding policy
             server are reporting only subset of monitoring data.
             This can be changed using access promise in default cf_serverd.cf policy.
       - Removed license checking on hosts.

       - Mission Portal
           - promise finder now does string matching
           - assigning roles in user management now makes sense
           - report builder now has a "new query" button
           - blue hosts' lacking data history is indicated correctly now
           - CSS fixes
           - finders no longer load duplicate list items
           - Fix inconsistent behavior of black host status directly after install.
       - Enterprise API
           - Fix some REST queries not working on replica secondaries (eg. the /rest/host/:id)
       - Remove HTML output from Total Compliance report

3.0.x   Removed unused options "[-t][-r][-u]" from cf-know

3.0.1   $(sys.licenses_installtime) variable removed from "Enterprise Free"

3.0.0   New Reporting Engine: A SQL interface to reports collected by hub.

    We allow all standardised SQL SELECT constructs to query the SQL reports database, with the following additions:
        - TIMESTAMP_UNIX() - seconds elapsed since 1970
        - TIMESTAMP_UNIX_DAYS() - days elapsed since 1970
    These are added to avoid use of non-portable SQL date/time functions.

        Enterprise API:
                Read + write REST interface for
                - report querying(utilizes underlying reporting engine)
                - user management
                - can be used with REST API v1 in parallel

        Configurable hostnames(host/system identifier) in reports
                - can take any of the sys variables(eg.$(sys.fqhost))

        When decommissioning (deleting a host) from the Mission Portal/Enterprise API,
        the public keys of the clients are also removed

        Ability to delete multiple hosts from the mission portal

        Improvements on the hub maintenance process
                - less resource intensive and configurable
                - New option for cf-hub added (-m) for Enterprise database maintenance

        Fixes on database connections problems
                - If you were seeing "connection refused because too many open connections",
                  in database log please consider upgrading

        Changed "nova>" to "enterprise>" in agent verbose output
                - Please update email filters

        Removed internal CFE promises from reporting

        New classes enterprise, enterprise_X, enterprise_X_Y, enterprise_X_Y_Z
    on CFEngine Enterprise, to reflect the version running. New variable
    sys.enterprise_version that holds the CFEngine Enterprise version.
    This complements the Nova classes and the sys.nova_version variable,
    which will eventually be deprecated.

        Fix file change report containing warning message as filename for new/deleted files

        File diff log (nova_diff.log) have been extended with promise handle name.

        Total compliance output in cf-agent verbose mode and promise_summary.log
        have been extended with user and cfengine internal compliance level.

        System variables are collected by hub in every delta query

        Fix software reports showing "(never)" in the "Last seen" column

        Fix "blue hosts" list being empty for clients that don't have class keys

        Sendmail is installed by default on the hub - required for emailing of reports

        32-bit hub installations no longer supported

    Created a variable update_policy.mongodb_dir, for cases where MongoDB
    should not run out of /var/cfengine/state (could grow to tens of gigabytes).

    Removed commercial_customer class, as it was unused in internal policies.
    Please use enterprise_edition instead if you used this in your policies.

    New performance report events: DBPurgeHostsAll, DBMaintenance,
    DBMaintenanceTimestampsSingleHost, DBCacheCompliance, DBReportCollectAll.

    License verification is made more robust by not relying on the last-seen
    database anymore. This means you do not need to bootstrap a client to
    verify the license. See the cf-key --install-license option.

    More diagnostics on report collection from cf-hub. Logging more
    useful information in cf-hub -l, measuring total collection time
    in benchmarks report, under id "ReportCollectAll".

    Fixed issue where client would show as green in the Mission Portal when no
    data was received, e.g. due to access or license error at client.
    Now correctly shows as blue in these cases.

    Greatly reduced amount of connections from cf-hub
    to localhost mongodb. Now there is one connection per
    cf-hub run (max 50), before it was three per client.

    Software and variable report now contains end-node discovery time.

    Software and patches available/status reports contain maximum 5-minute old data,
    improved from 6 hours in last release. This will only apply to clients
    that are upgraded to 2.2.0.

    Software report query from Mission Portal is much faster on larger data-sets due
    to removal of autocomplete feature.

    Upgraded mongod from version 1.8.2 to 2.0.4, which increases
    efficiency on concurrency and reduces memory usage.

    New function hostswithclass() that generates a list of hosts in a given class
    on the hub.

    The bundled failsafe.cf policy now has trustkey=false to avoid IP spoofing
    attacks in default policy

    New interface with interactive graphs on Nova hub.

    User management on hub.

    Allowing TAB in file diff report. Better handling
    of large diffs and attempts to diff binaries.

    Support for adding notes to all hosts and reports.

    Support for policy staging environments.

    Nova reports can be exported to file and imported manually
    using cf-report -x and cf-report -i.

    Faster collection of monitoring (vitals) data due to
    new protocol and data structure.

    Long-term storage (one year) of diff and changes reports.

    The variables report got a last-seen column. Now variables
    are stored in the hub for a longer time like classes,
    and not overwritten on every update.

    The report of reports-promises are shown in the promise repaired log
    in the Mission Portal.

    New option cf-hub --cache, recreates the cache data needed
    by the web interface.

    Only showing the last seen host name and ip address when
    listing hosts and on the host page.

    Reliability improvements, especially when querying
    the variables report.

    Much faster report querying.

    Allows to specify age interval when querying promise not
    kept and repaired.

    Promiser conflict identifcation.

    Built with Cfengine Community Edition 3.1.4.

    Fixed promise query of not kept/promise repaired logs.

    Windows Event Logs include output_prefix if set, and which component
    reported the event. The verbosity of event logs have been reduced
    by not including promise kept and repaired events, this can now be
    tuned with action.log_level.

    Take out network communications from total state calculation,
    as it gets counted twice.

    Encryption problems fixed in Community Edition.

    Built with Cfengine Community Edition 3.0.4p3.

    Regular expressions in file paths supported on Windows by using
    forward slash as path separator.

    CPU utilization report on Windows.
    Users logged in report on Windows.

    On the Windows cf-serverd, requests for /var/cfengine are
    translated to $(sys.workdir)\Cfengine, and path separators are
    automatically adjusted ("/" becomes "\"). This yields support for
    more platform-independent promises and allows for automatic
    copying of reports from Windows clients to the policy server.

    Scale on graphs in the Knowledge Map, and different background
    color gives more readability.

    Special functions added for accessing remote classes for distributed cooperation.

    Reports added to cf-report for compliance, setuid, file_changes etc.
    Added csv format also

    Automating topic map integration of policy, with impact analysis
    using promisee and builds_on promises.

    Literal string lookup in server.

    Database SQL and registry functions added. Verification and sanity
    checking of SQL database table structure. Create and destroy
    databases convergently.

    Access control list support for Linux.

    Powerful and lightweight promises for Customizable monitoring and
    system discovery promises added to cf-monitord.

    Longterm memory for 3 year trend analysis.