Release Date: August 2, 2022
EZproxy version 7.2.8 is a maintenance release for EZproxy 7.2. This release resolves various issues introduced in version 7.2 and prior versions.
New features and enhancements
An enhancement has been added to how EZproxy records the referring url in EZproxy. This is useful for tracking a user's journey through EZproxy.
OpenSSL v1.1.1q is included in the latest version of EZproxy. This latest version of Open SSL fixed AES OCB failure to encrypt some bytes on 32-bit x 86 platforms.
Taylor and Francis have been added to pseudonymous identifier functionality.
- Corrected behavior of the NeverProxy directive. EZproxy 7.2 introduced an issue where the NeverProxy directive could affect the behavior of other EZproxy directive depending on the order in a config file. This led to the inability to proxy certain sites. The correct behavior of the NeverProxy directive has been restored.
- EZproxy 7.2 did not comply with RFC 7231 section 4.3.2. EZproxy is inappropriately waiting for a response body from HEAD requests. The result would lead to long load times on some sites. This issue has been corrected in this release.
- EZproxy 7.2 introduced an issue with MaxSessions. On Windows, MaxSessions was set to 15000, and on Linux, if set to 75000 or lower. The status page in the EZproxy admin interface would not load. This issue was resolved in 7.2.8.
- EZproxy 7.2 introduced an issue affecting the security rules that allow databases to purge on a daily and weekly schedule. Previously, if a rule took longer than a minute to process the performance of the EZproxy server could be compromised over time. To support cleanup from sites that this issue may have impacted, the security page now includes options to trigger an immediate security database purge and an immediate security database vacuum, allowing an administrative trigger these on demand.
Caution when upgrading.
When upgrading from 7.1.X to 7.2.X a database upgrade takes place. If your security_v1.db file is located in your /security directory is large, the upgrade can take up to 15 minutes. During this upgrade, the EZproxy server is online but will be unresponsive to incoming connections.
Potential for rules to trip if a site uses Shibboleth authentication and usernames are not set in shibuser.txt.
If the EZproxy session variable login:loguser is not set in shibuser.txt, then the default username for all users using SAML authentication becomes "shibboleth." Since group rules are tripped at the username level, false rule trips may occur.
Rules with longer watch periods will consume more disk space.
Watch periods of 60 minutes or longer will consume more disk space in the /security directory to store the required evidence in the security database. You will need to monitor the disk usage in the /security database.
Some of the default rules in EZproxy 7.1 contain monitoring periods longer than 60 minutes. If you have disk space constraints, consider commenting on those rules.