The release notes are available under the Central Lock Software Release table.
|Version||Release Date||Central Lock||Virtual Central Lock|
v2.4.3 (Central Lock) - release date 2023-05-29
- Updated third party libraries to support more secure TLS 1.1 connectivity
- Indication in the user interface whether connection is a relayed (TCP) or direct VPN connection (UDP)
v220.127.116.11 (Virtual Central Lock) - release date 2022-12-13
- Resolved Access Groups issue affecting "Allow traffic between Locks" and "Allow L2 traffic between Keys" settings changing from enabled to disabled by itself when updating to version 2.6.0
v2.6.0 – release date 2022-11-16 (Virtual Central Lock only)
Supported virtualisation platforms.
- VMWare vSphere/ESXi v7.0 GA
- Microsoft Hyper-V on Windows Server 2016 and 2019
- Linux KVM
- Microsoft Azure Cloud
- Amazon AWS Cloud
Redesigned access rights management
Access Groups has been redesigned from the ground up. Access rights management is based on sets of devices and users that are grouped to create access rules called Access Groups. Access Group can consist of one or several device and user sets. Access Groups UI is modernised, graphical and mouse operated based on drag and drop gestures. All the familiar features from previous releases are supported. New Access Groups UI is fully backwards compatible, all upgraded systems will retain already created Access Groups.
Greatly enhanced cybersecurity
Virtual Central Lock underlying operating system and libraries are upgraded. Connectivity is utilising latest major VPN libraries contributing to greatly enhanced system security.
New audit trail events
Audit trail stores various actions such as system state and configuration changes. Actions can be traced, filtered and exported on the Logs view. Virtual Central Lock has received new audit events to complement increased functionality such as "System started" and "System shutdown".
Improved software update process
There are different types of updates
System upgrade – Major release containing foundational changes to the platform and applications
Software update – Minor release containing updates to selected parts of the system
Https login for web UI
Web UI access can be made via secure https protocol. Https encrypts traffic between the end user device and the web server and provides increased security. If https is enabled, it is used when accessing from the Virtual Central Lock LAN or over VPN connection.
Virtual Central Lock user manual is revised thoroughly. For example, it has a section for installation and system requirements, Access Rights Management is explained in detail, all audit trail events, and email alerts are listed.
- VPNs are not cut-off when creating or deleting VLANs
- Status page shows selected Lock and Sub Lock
- Protocol ICMP ping is now allowed in access group
- Renaming device in "Network devices" list does not result in unnecessary "Link protocol invalid" error anymore
v2.5.2 – release date 2022-06-28 (Virtual Central Lock only)
VPN Usage Logs export
VPN Usage Logs report Key user statistics from selected VPN connection. Logs can be used for tracking the amount of data transferred over the traced VPN connections. VPN Usage Log Export is used to generate reports of the data. Data can be filtered based on most important criteria such as Key or Lock name and session opening or closing time. Fixed timezone usage with log entries.
Updated system libraries and security fixes
VCL is more secure than ever. Release introduces several OS level CVE fixes and library updates including CVE-2020-1971, CVE-2020-25684, CVE-2020-25683, CVE-2020-25686, CVE-2020-25687, CVE-2020-25681, CVE-2019-14834, CVE-2020-25682, CVE-2020-25685.
Stability and scalability improvements
Large VCL deployments gain considerable performance improvement due to enhanced messaging and device polling routines. Maximum user and device limit is increased notably.
Improvements in Access Groups
Access Groups are fine tuned with several bug fixes and improvements. Clarified that connection between Keys works only in layer 2. Any Lock and Node connected over layer 3 will always have access to VCL Web UI. "Default for layer 2 Keys" setting works now, layer 2 Keys and Locks are added to the defined group.
- Fixed issue where Keys can change from layer 3 to layer 2 because of a sw bug and user loses access to VCL.
- Fixed issue where IP address or IP address range in Access Group can have global effect even though it shouldn’t.
- Fixed issues where connection names can get scrambled between VCL and the Key Manager in the Key software.
- Fixed issue where Web UI could be broken when adding blank static route.
- Fixed issue where manually added devices that are outside the IP range are not shown correctly in Web UI
- Network devices list refresh fixed without the need to reload the Status page. Edit and remove buttons work again.
- Fixed issues where duplicate system alerts were sent or no alerts were sent at all.
- Added password copy option when new administrator user password is generated.
- VCL native Chromium browser upgraded and is now in kiosk mode. Browser extensions cannot be installed anymore.
v2.5.1 – release date 2021-10-11 (Virtual Central Lock only)
- Rare incident in Access Groups can cause the firewall not configured with the new settings, recently created IP/MAC items should be recreated manually
- Stability improvement in VPN connection management
v2.5.0 – release date 2021-03-23 (Virtual Central Lock only)
- Totally new look and feel
- Online devices are grouped by Locks on the status page
Multiple admin users
- Adding more admin accounts to Virtual Central Lock now possible
- Admin password change is forced on UI after upgrade to 2.5.0
- Admins can define access schedules for Keys in access groups
Audit trail for connections
- Admins can now see where Keys connect to through Virtual Central Lock plus the connection times and transferred data amounts
- Admin actions are logged for audit purposes
- Local time made visible on the page where timezone is set
- Log events are now shown correctly on the chosen timezone
- Alerts clock now respects the timezone setting
- Removing hosts from network device list works more reliably
v2.4.2 – release date 2021-03-23 (Virtual Central Lock only)
- Interim release enabling update to 2.5.0
v2.4.1 – release date 2020-03-25 (Virtual Central Lock and Central Lock)
- Virtual Central Lock 2.4.1 supports Azure and AWS installation. Read more from the CTO’s blog
- Fixed product name shown in Alerts
- Activation is now possible with Static IP on WAN interface
- Adding a new network device does not anymore automatically create HTTP link for that device
- Fix for Alert timeout logic
- Stability & performance fixes
v2.4.0 – release date 2020-01-29
- Virtual Central lock Lite can now be downloaded.
- All free (Lite) downloads are limited to 5 connected TOSIBOX® devices (Keys, Locks, Mobile Clients)
- Status page now shows the amount of connected TOSIBOX® devices / total amount per license, and notifies the user when there are more devices connected than the license allows
- SMTP server has to be configured for email alerts to work. Tosibox email servers are not used anymore.
- Optimized loading of ‘Keys and Locks’ section on UI
- Improved reconnect time to Locks in case of a connection failure on Virtual Central Lock side
- Removing a Lock connection does not disconnect/reconnect Layer 3 connections anymore
- Fix for Internet connection status display
- Improved configuring routes from Virtual Central Lock Access Groups to Locks
- Fixed port range in Access Groups
- UI optimisations for IE
- Optimized firewall updatesSeveral stability improvements
v2.3.0 – release date 2017-12-15
- Added SoftKey support
- New device icons for different client types in web UI
- Fix for an issue where adding an incomplete static route or another default route caused system malfunction
- Fix for an issue where certain parts of the web UI didn’t work with Mozilla Firefox
- Reliability improvements
- Includes all v2.1.0 – v2.2.0 changes also for Central Lock
- Notice for Central Lock users updating from v1.4.0: This version replaces earlier IP/MAC filter functionality with Access Groups. During the update, the system will migrate most of the earlier IP/MAC filter rules to Access Groups but there can be certain configurations that cannot be fully migrated nor are supported with Access Groups, e.g. rules affecting communication between Layer 2 connections within the same LAN. Please note this before installing the update and please verify the you have correct settings in Access Groups after the update and make adjustments if required.
v2.2.0 – release date 2017-07-05
- Master Key can now be matched remotely with the Virtual Central Lock (read more)
- Access groups can now be enabled/disabled
- Mobile Clients inherit now their initial access rights from the Key that was used to create them
- Added warnings when deleting WAN or LAN interfaces
- Fix for an issue where Mobile Clients could not connect if they didn’t belong to any access group
- Fix for an issue where iOS Mobile Client could not connect
- Scan for LAN devices function fixed
v2.1.1 – release date 2017-05-29
- Fix for a mouse issue on VMWare ESXi
- Fix for an issue where the network interface ordering might have changed after adding new network adapters to the virtual machine
v2.1.0 – release date 2017-03-31
- First SW release for the Virtual Central Lock
- Support for defining access rights with access groups
- Support for virtual LANs
- New, streamlined web user interface for Central Lock and Virtual Central Lock
- Support for global Lock names
- The Lock’s name is now shown and can be changed in the web UI
- The time zone can be configured
- Added support for NTP (Network Time Protocol) server
- New production units now show the end-user license agreement when the admin logs in for the first time
- Improved reliability of refreshing status information in the web UI
- Gateway option is no longer shown for LAN and VLAN interfaces
- Mitigation for a security issue with VPN connections using Blowfish cipher: TBSA-016-301(CVE-2016-6329)
- The VPN data channel key is renegotiated much more frequently when Blowfish is used
- AES-128-CBC is now the default VPN cipher for new Lock 100 production units
- Lock-to-Lock and Lock-to-Central Lock connections now honor the VPN cipher setting of the main Lock or Central Lock
- WAN port IP address is now shown on web UI also when using DHCP
v1.4.0 – release date 2015-06-25
- Support for iOS Mobile Clients
- Key-specific IP/MAC filter: access to LAN network devices can now be defined separately for each Key
- Option to add exceptions for restricted Internet access (Industry settings ->Prevent Internet access from LAN …)
- Network device list is now sorted alphabetically in the web UI
- Available software updates are now announced in the web UI
- Support for choosing the preferred VPN data encryption cipher (AES or Blowfish)
- Improved performance with large number of VPN clients
- Improved connection establishment time for Layer 3 Key connections
- Lock’s friendly name is now visible in the alert email subject
- Connection type is now Layer 3 for all new Sub Keys and Backup Keys
- New production units have now 3072 bit RSA keys
- “Wired” text is now shown also for devices in ports LAN2-4
- Fix for an issue where connection alerts were sent even though the connection was restored before timeout
- Fix for an issue where the connection names could sometimes get lost when saving Tosibox devices page
- Fix for an issue with network device list when L3 Locks had a large number of devices
v1.3.2 – release date 2014-11-28
- Fix for an issue where the Central Lock might not reconnect to Internet after a network problem
v1.3.1 – release date 2014-11-21
- Fix for a web UI issue that affected new produced units
v1.3.0 – release date 2014-11-12
- Log data can now be exported in CSV format
- Log events are now generated for web UI login/logout
- Email alerts can be triggered also from system failures (e.g. failing hard drives)
- Connection alerts have now a configurable timeout to prevent alerts from short disconnects
- SW updates can now be installed from the web UI
- Security updates are installed automatically daily
- Initial support for AES ciphers, with AES-256-CBC as the default cipher if the client supports it.
- New options to prevent access from serialized Sub Locks and L3 Locks to Central Lock’s LAN ports
- Access from serialized Locks to Central Lock’s web UI is now prevented by default
- Web UI displays now also the physical IP for devices behind L3 locks when 1:1 NAT is in use
- Serialized L3 Locks can now access the static routes that are configured on the Central Lock
- The Internet can be accessed also from service port
- Idle bandwidth consumption reduced
- Usability improvements on edit connections page
- VPN connections are now disconnected/reconnected only when needed when saving Central Lock settings
- DNS rebind protection is now disabled to avoid possible problems
- Fix for an issue where enabling MAC/IP filter broke access from LAN to L3 Locks
- Fix for an issue where the remote support connection was not closed correctly
- Fix for an issue where changing Key’s access rights changed the connection type to Layer 3
- Fix for an issue where serializations might have gotten lost
- Fix for an issue with static host routes (netmask 255.255.255.255)
- Stability improvements