Subject: CVS commit: pkgsrc/net/ntopng
From: Adam Ciarcinski
Date: 2022-03-28 21:32:25
Message id: 20220328193225.3EC23FB24@cvs.NetBSD.org

Log Message:
ntopng: updated to 5.2.1

ntopng 5.2 (February 2022)

Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points

Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
 * Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
 * Optimize polling of SNMP devices
 * Improve SNMP v3 support
 * Add more information including version
 * Stateful SNMP alert to detect too many MACs on non-trunk
 * Perform fat MIBs poll on average every 15 minutes
 * Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
 * Getter for the bridge MIB
 * Getter for LLDP adjacencies
 * Check for BPF filters
 * Score charts timeseries and analysis

Changes
* Encapsulated traffic is accounted for the length of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs

Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM JavaScript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to always re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, split avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reachable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries

Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup

nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button

ntopng 5.0 (August 2021)

Breakthroughs

* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
 * Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
 * Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundreds of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues

New features

* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access

Improvements

* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked DoH/DoT handling

Fixes

* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface

Notes

* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
 * 16 (Enterprise M)
 * 32 (Enterprise L)
 * 8  (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts

Files:
Revision  Action  File
1.56      modify  pkgsrc/net/ntopng/Makefile
1.7       modify  pkgsrc/net/ntopng/PLIST
1.12      modify  pkgsrc/net/ntopng/distinfo
1.7       modify  pkgsrc/net/ntopng/patches/patch-Makefile.in
1.6       modify  pkgsrc/net/ntopng/patches/patch-src_Utils.cpp
1.1       add     pkgsrc/net/ntopng/patches/patch-configure.ac.in
1.6       remove  pkgsrc/net/ntopng/patches/patch-configure.seed