CHANGELOG

2.1.20
UTIL:
* type=xpath | introduce "actions=set-text:NODETEXT"
* type=rule | new 'filter=(app has.seen.fast-api unknow-tcp)' - to filter for device traffic log if specific app-id was seen
* type=rule actions=exporttoexcel | extend with column 'url-category'
* type=bpa-generator | introduction to support offline XML config file
* type=bpa-generator | improve offline config handling
* type=tsf | in addition to extract XML config, also extract /tmp/cli/techsupport_*.txt
* type=bpa-generator | introduce support to reach techsupport.txt from TSF /tmp/cli/techsupport_*.txt
* type=bpa-generator | introduce support to handle TSF file from 11.1
* type=certificate | introduce actions=exporttoexcel:CERT_file.html | 'filter=(expired < 90days)' | 'filter=(expired < today)'
* type=certificate actions=exporttoexcel:file.html | extend with column subject and issuer

BUGFIX:
* type=gcp actions=download | bugfix to handle command order correctly
* type=rule actions=stats-XYZ-FastAPI | bugfix to read argument correctly

GENERAL:
* GENERAL: Device App-ID update to version: 8763-8333
* class Zone.php | extend validation for new PAN-OS features 'net-inspection' 'prenat-identification'


2.1.19 (20231006)
UTIL:
* different classes | improve usage of flag 'XML_PARSE_BIG_LINES' in method loadXML
* class PANConf / Panoramaconfg | implement method ChildDeviceGroups() for 'location=shared:excludemaindg'
* type=gcp | introduce argument 'namespace=XYZ' to specify and better filter for get pods
* type=device | introduce actions=virtualSystem-delete/sharedgateway-delete/sharedgateway-migrate-to-vsys
* type=static-route | introduction of new type= | with 'filter=(nexthop-ip is.set)' / (nexthop-vr is.set) / nexthop-interface is.set) /  (destination ip4.includes-full 172.33.10.0/23)
* type=static-route actions=delete | introduce new action
* type=rule | introduce actions=from-/to-remove-from-file:FILE.txt
* type=XYZ | introduce new arguments: shadow-loadreduce - to not update TAG object related address-groups | debugloadtime - display load time for specific XML sections
* develop | introduce config_validation.php
* type=appid-toolbox | improvements for further. new features - example rule address/service report generator
* type=rule actions=name-replace-character | set default value for replace to ''
* type=rule | introduce new actions=stats-appid-fastapi:-90days/stats-service-fastapi:/stats-address-source-fastapi/stats-address-destination-fastapi/stats-address-fastapi/stats-traffic-fastapi
* type=routing | introduce actions=exporttoexcel:file.html
* type=routing | introduce 'filter=(protocol.bgp is.enabled)'
* type=gcp | introdruce $namespace | improve handling for tenant like togglesvc
* type=xpath | introduce actions=remove | introduce 'filter-text=NODETEXT'

BUGFIX:
* class PANConf|VirtualSystem | bugfix to support SharedGateway also for Tag objects correctly
* type=xml-issue | bugfix to display read-only DeviceGroup duplicate address-group fixes correctly in summary
* type=address-merger | bugfix - do not merger address objects if tag count of planned merged object exceeds PAN-OS limit of 64 tag members
* type=address-merger | bugfix for removing tag objects from upper level, if adr merged objects are using them and tag is also available at address level
* bugfix for argument 'location=shared:excludemaindg' on FW config file
* type=schedule | bugfix actions=replacewithobject:OBJECTNAME

GENERAL:
* Class VirtualSystem/SharedGatewayStore | better handling of version variable
* update actions/filter JSON file
* APP-ID update to Device App-ID version: 8762-8327


2.1.18 (20230920)
BUGFIX:
* type=address/service 'actions=move:shared,skipIfConflict' | bugfix as variable $findSubSystem was not declared for targetlocation 'shared'


2.1.17 (20230920)
UTIL:
* type=certificate | extend to TemplateStack
* introduce class SharedGatewayStore | extend different classes to support SharedGateway
* type=zone | extend with SharedGateway
* type=rule | extend with SharedGateway
* type=service | improvement for SharedGateway - class VirtualSystem
* develop script "shared_gateway.php" | introduction
* type=address in=api://192.168.55.129 'actions=combine-addressgroups:{NEW_GROUP_NAME},true' 'filter=(name regex /{FILTER}/)'
* type=gcp actions=validation | introduction of new action
* type=gcp actions=image-validation | introduction of new action
* type=device | extend to display for FW config, per default also all sharedgateways in additional to vsys

BUGFIX:
* type=ssh-connector in=admin@MGMT-IP setcommand-file=set-commands.txt | bugfix to correctly send set commands

GENERAL:
* update App-ID version to: 8756-8298


2.1.16  (20230908)
UTIL:
* type=address | new 'filter=(name same.as.region.predefined)'
* class UTIL | extend if API mode - with App-id/AV/WF/Threat version info
* type=address | introduce 'filter=(tag is.set)'
* type=xml-issue | extend with rule tag object validation for twice set the same tag object
* introduce GroupTagRuleContainer to all Rule classes

BUGFIX:
* class Sub | bugfix for default-securiy-rules | if partial config is already available
* type=address-merger | bugfix to not delete TAG object from upperlevel if TAG object with same name exist at childDG
* type=address/service actions=move | bugfix if group with same name already exist - correctly skip movement
* class PANConf | fix for PHP 8.2
* type=address/service actions=move:shared location=any - bugfix for Firewall config
* type=rule-merger | bugfix to not add description twice, which exceeds description length to >1024
* type=tag actions=delete 'filter=(object is.unused) | bugfix for group-tag used in Rules, reference missing
* introduce GroupTagRulecontainer - to fix type=tag-merger issue if group-tag is used
* class PANConf - bugfix for type=stats on FW config for tmp/ghost object count on 'shared'
* type=XYZ outputformatset=setcommand.txt | bugfix to always have correct xPath availalble for set commands
* bugfix - related to TAG objects where name include character '(' and/or ')' - final fix for tag-merger including method createTag()
* bugfix for argument outputformatset - no multi-vsys device - remove vsys1 to fit set commands

GENERAL:
* develop pan-os-php-api | per default enable shadow-json checkbox  - with shadow-nojson, output has a bug and filter are not working correctly - fixing later


2.1.15 (20230830)
UTIL:

BUGFIX:
* type=address/service 'filter=(object is.unused/is.unused.recursive) | overwritten objects used at higher DG level are now also used
* bugfix to create correct XML file Increament for prettyXML - so that it is identical to Panorama / Firewall created config
* README.md - fix broken links

GENERAL:


2.1.14 (20230829)
UTIL:
type=rule actions=display | introduction of argument actions=display:hitcount,ApplicationSeen

BUGFIX:
* type=vendor-migration | general bugfix to use correct baseconfig file if no argument in= is defined
* class AddressGroup | bugfix for missing function type() - related to type=address actions=move
* type=rule location=DG1 'actions=move:DG2,pre' - no rulename change
* class AddressCommon | bugfix if rule is already deleted - AddressRuleContainer is NULL => type=rule actions=removeWhereUsed
* type=rule | bugfix for actions=exporttoexcel - to correctly display columns

GENERAL:
* update to  App-ID version: 8748-8241


2.1.13 (20230810)
UTIL:
* type=address | introduction of actions=upload-address-2cloudmanager:panorama.xml,DGname && actions=upload-addressgroup-2cloudmanager:panorama.xml,DGname
* type=address actions=upload-address-2cloudmanager | extend validation if object name is already available
* type=servicegroup-merger | introduce validation extension for childDG merger
* type=rule-compare | exend with argument 'keepJSONfile1' and 'reuseJSONfile1'
* type=rule-compare | introduce argument 'generateRuleHtmlFile'
* type=servicegroup-merger | extend with childancestor validation
* type=service actions=exporttoexcel:file.html | introduce additional arguments nestedmembers
* type=XYZ actions=exporttoexcel:file.html | use single function to create spreadsheet content
* type=dhcp | introduce actions=exporttoexcel:file.html
* type=dhcp | improvement for actions=exporttoexcel
* type=dhcp actions=display/exporttoexcel | extend with additional DHCP information
* type=rule 'actions=exporttoexcel:file.html,resovleservicesummary' | extend with column service_resolve_nested/_name/_value/_location
* type=service actions=exporttoexcel:file.html | correct predefined service-http/-https output
* type=address/server actions=exporttoexcel:file.html,nestedmembers | extend with column nested members location
* class Address - use $RuleReferenceLocation
* type=zone | introduce 'filter=(interface is.set)'

BUGFIX:
* class Region | bugfix - introduce method type() - to handle "type=address actions="
* type=address actions=move - bugifx/workaround - do not move region objects
* type=addressgroup-merger | bugfix to check childancestor objects availability
* type=addressgroup-merger | bugfix if multiple childDG has same objectgroup incl. value, but one differ; stop merging
* class AddressGroup  | bugfix for method expand() - to correctly extract all submembers and their value for type=rule 'actions=exporttoexcel:file.html,resolveaddresssummary'
* type=address actions=exporttoexcel:file.html | bugfix to crash for tmp objects
* type=dhcp actions=exporttoexcel | bugfix to add correct template
* class PH - workaround for none working API mode connector - discard setType()
* class RULEUTIL - defaultSecurityRules not available in Fawkes Snippet
* type=rule - actions=display/exporttoexcel:resolveaddresssummary | add new src/dst_resovled_sum - for better nested calculation

GENERAL:
* PAN-OS dynamic content update to version  8741-8213


2.1.12 (20230731)
UTIL:
* type=bpa-generator | extend response output if not valid JSON
* type=gcp | extend for mysql usage and bring in mysql pw in type=key-manager

BUGFIX:
* type=XYZ | in=api://{MGMT-IP} actions=name-rename - bugfix for API usage

GENERAL:


2.1.11 (20230721)
UTIL:
* type=rule | introduce new 'filter=(timestamp-rule-creation <>=! -30 days)' | timestamp-rule-modification
* type=address | introduce 'filter=(value ip4.included-in RFC1918)'
* type=device | introduce actions=xml-extract
type=bpa-generator | extend output if task_id was not correctly available in response

BUGFIX:
* type=rule actions=exporttoexcel | bugfix for field 'ID' to not add additional data column
* type=rule actions=exporttoexcel:file.html,resolveAddresssummary | bugfix to display IP value summary for ip-wildmask objects
* class Addresscommon | bugfix for type=address-merger

GENERAL:
* general - update dynamic content to version: 8729-8157
* * class EthernetInterface - adding/removing address object instead of IP address - extend with stopping e.g. for type=address actions=name-rename if object is used on ethernet interface


2.1.10 (20230714)
UTIL:
* type=address | introduce actions=move-wildcard2network

BUGFIX:
* type=custom-url-category-merger | bugfix to merge correctly objects in DG hierarchy - add reason for exportcsv=file.html
* type=custom-url-category-merger | introduce argument allowaddingmissingobjects
* type=playbook | adjustment to fit to PHP version 8.1.x

GENERAL:


2.1.9 (20230712)
UTIL:
* type=key-manager - extend support for new connection method "in=sase-api://"
* type=address/service/rule/tag/schedule | enable support for actions=display with method "in=sase-api://"
* type=rule | introduce 'filter=(group-tag is.regex /VALUE/)'
* type=tag-merger | extend output why it can not be merged
* different object classes | introduction of sase-api connection - update / separation between XML API and SaseAPI
* type=address-/addressgroup-/service-/servicegroup-/tag-merger | extend with in=sase-api:// support
* in=sase-api:// - Strate Cloud Manager | extend reading objects based on type=
* type=rule | actions=display/exporttoexcel - extend additional argument ResolveAddressSummary with name/ip value from nested members
* type=xml-issue  | extend check with secRule category field for ANY + other category configured
* type=custom-url-catgory-merger | introduction of new merger utility
* type=XYZ | actions=exporttoexcel:file.html - introduce ID field
* type=addressgroup-merger exportcsv=file.html | extend skipped information with reason column

BUGFIX:
* class Zone.php | bugfix to create XML node "zone" if not yet available during creating of a new Zone
* type=address-merger | bugfix if overwritten object has not same value
* type=vendor-migration | bugfix for wildcard 0.0.0.0 - do not replace leading 0
* type=tag in=sase-api:// | bugfix to handle tag color information correctly
* type=address actions=move:DGNAME | bugfix if same object name is available on upperlevel
* type=rule actions=exporttoexcel:FILE.html,resolveAddresssummary | bugfix correction of 0.0.0.0/24 to 0.0.0.0/0
* type=address | bugfix for dynamic address-groups which are using address objects with tag filter from upper level
* type=rule-compare | bugfix for correct address-group member IP resolution calculation based on rule DG membership
* type=addressgroup-merger | bugfix to NOT replace a member with same name as the AddressGroup

GENERAL:
* develop - start sase.php _ first version to use sase-api
* develop sase.php | check also post rulebase
* introduce a new connection method "in=sase-api://"
* general | introduce argument shadow-saseapiqa for in=sase-api://


2.1.8 (20230614)
UTIL:
* type=addressgroup-/servicegroup-merger - add additional output reason if groups can not be merged
* type=userid-mgr | correct usage of objectsLocation variable
* type=rule ruletype=nat | introduce 'actions=SNAT-set-interface:INTERFACE-NAME'
* type=dhcp | introduce 'actions=dhcp-server-reservation-create:IP,mac'
* type=service actions=name-charachter-replace:SEARCH,REPLACE - new default REPLACE value is ''
* type=service 'filter=(name regex /ARGUMENTS/) - introduce variables same way as type=address 'filter=(name regex //)-  'possible variables to bring in as argument: $$current.name$$ / $$protocol$$ / $$destinationport$$ / $$soruceport$$ / $$timeout$$'
* type=service | introduce actions=timeout-halfclose-set/timeout-timewait-set & filter=(timeout-halfclose is.set/timeout-timewait is.set / timeout-halfclose.value <>=! / timeout-timewait.value >,<,=,!
* type=address | introduce 'filter=(value netmask.blank32)'

BUGFIX:
* type=appid-toolbox | bugfix for none declared variable php 8.1
* type=rule | bugfix 'filter=(dst has.recursive.from.query subquer1)' - adjust behaviour as for 'src has.recursive.from.query'
* type=address actions=move:shared | bugfix - add validation if address object has tag, that this tag must be available at target DeviceGroup
* type=vendor-migration vendor=ciscoasa - bugfix if staticroute destination is using wildcard netmask
* type=rule ruletype=nat 'actions=snat-set-interface:ethernet1$$2' | bugfix to change config also in offline config mode
* type=application 'actions=move:DGname' | bugfix if XMLnode for TargetDG is not yet available
* type=software-remove - bugfix - skip wildfire remove - fix for PHP 8.1

GENERAL:
* develop f5_bigip.php | improvement - PANOS do not support ServiceGroup description
* general | dynamic content update to version 8721-8111


2.1.7 (20230525)
UTIL:
* type=xml-issue | extend for duplicate search on readonly device-group

BUGFIX:
* type=address-/service-merger | bugfix if two childDGs are having same object name and value - but somewhere in parentDG hierarchy below the target location DG planned for creating merged object - object with different value is available
* type=tag-merger | bugfix to exclude only these tag with different value (different color) - and merge with same value

GENERAL:


2.1.6 (20230525)
UTIL:
* type=rule-compare | improve output to also fit for argument 'shadow-json'
* class Address/ServiceCommon | improve text output for type=address-/service-merger
* type=upload | extend to copy XML node from argument in= to argument out= - first version focus on Device-Group

BUGFIX:
* type=service-merger | bugfix for merging objects which are overwritten but with different protocol
* type=address/service-merger | bugfix - extend validation if objects can be merged
* class PanoramaConf | bugfix for type=device actions=devicegroup-create:NAME,parent - parentDG was not set correctly
* type=address/service actions=move:DG | bugfix - add additional validation for move to upper/lower level DG - if another object with same name will change behaviour
* f5_bigIP | bugfix for ServiceGroup which can not handle Description based on PAN-OS
* type=addressgroup-/servicegroup-merger | bugfix - extend validation to not merge/move objects if not same members
* type=xml-issue | bugfix - wrong XML node variable used for application Node deletion

GENERAL:
* dynamic content updated to version: 8713-8071


2.1.5 (20230516)
UTIL:
* develop utility | introduce rule_compare_src_dst_srv_summary
* type=device | introduce actions=template-clone:NEWtemplateNAME 'filter=(name eq OLDtemplateNAME'
* type=rule actions=exporttoexcel:file.html,ResolveAddressSummary | extend with resolveValue field
* class RulewithUserID - read user information always as lower case - no case sensitive needed
* type=rule-merger | argument additionalmatch - change supported argument from 'logprof' to 'logsetting'
* type=address 'filter=(object is.region)' - extend display with custom region value information
* type=rule-compare | introduce new utility - to compare rule SRC/DST/SRV of two files

BUGFIX:
* type=address | bugfix for filter=(value string.XYZ ) if Object of type Region is hit
* type=rule-merger | bugfix if panoramapostrules and no rule are set for exportcsv
* class UrlCategoryRuleContainer | bugfix for PHP 8.1 - variable not set
* type=address-merger | picketObject from upperlevel of type TMP is not possible - do not merge
* general - different classes - reordering reading of region objects - as these are taking precedence compare to address-group and address
* type=service-merger | bugfix to not delete object if merge is not possible - rare condition related to object overwritten at lower level
* type=address-/service-merger | bugfix to NOT replace an overwritten object with different value with an object from upper level

GENERAL:
* extend resources folder for ip_Protocol and Region IPv4/v6 files


2.1.4 (20230512)
UTIL:
* type=vendor-migration | improve output if arguments are missing

BUGFIX:
* type=vendor-migration vendor=ciscoasa | fix to avoid none object to read isGroup()
* type=vendor-migration vendor=ciscoasa | bugfix for creating service - to not add e.g. tacacs as service port

GENERAL:
- update dynamic content to Device App-ID version: 8708-8036
- improvements for PHP8.2 - deprecated variable declaration | function utf8_encode()


2.1.3 (20230511)
UTIL:
* type=rule ruletype=nat | introduce 'filter=(natruletype is XYZ)' - 'ipv4', 'nat64', 'nptv6'
* type=rule ruletype=nat | introduce 'filter=(snatinterface is.set)'
* type=rule ruletype=nat 'actions=exporttoexcel:test-export-service.html' | introduce nat_rule_type
* type=rule ruletype=nat | actions=display - introduce dnattype, dnatdistribution
* type=rule ruletype=nat | introduce 'filter=( dnattype is.dynamic )  | (dnattype is.static) | (dnatport eq SERIVCEport) | (dnatdistribution is.round-robin / is.source-ip-hash / is.ip-modulo / is.ip-hash / is.least-session)
* type=rule actions=exporttoexcel:file.html | extend with dnat_type, dnat_port, dnat_distribution field
* type=rule ruletype=nat | introduce 'filter=(dnatport is.set)' - improvements to handle dnat fields
* type=gcp | improve helper tool for specific mgmtsvc tenant
* type=rule ruletype=nat actions=exporttoexcel:file.html | extend NAT rule information with dst_interface and snat_interface
* type=rule actions=exporttoexcel:file.html - rename column 'type' to 'rule_type'

BUGFIX:
* type=rule ruletype=nat 'actions=exporttoexcel:test-export-service.html,ResolveServiceSummary' | bugfix for service count
* type=rule ruletype=nat | bugfix for 'filter=(dnatport eq 22)' - (dnatport has xxx) delete as missleading information

GENERAL:
* remove alias | pa_migraiton-parser, pa_appidtoolbox-* - as now covered with alias 'pan-os-php type='
* update utility information about actions / filter


2.1.2 (20230428)
UTIL:
* type=rule-merger | introduce additionalmatch=logprof - to also check that only rules with same logging profile are merged
* type=device | introduce 'filter=(devicegroup with-no-serial)'
* type=gcp | introduce actions=offboard | extend authentication with automatically open Google Chrome
* type=appid-toolbox | introduction of new type | integrate appid migration run directly by using pan-os-php alias
* type=xpath | change all filter argument to start with "filter-"
* type=appid-toolbox | introduce additional arguments to better use in bash autocompletion script |p1-marker|p2-generator|p3-cloner|p5-activation|p6-cleaner
* type=rule ruletype=nat | introduce new 'filter=(snatinterface has.regex /VALUE/)'

BUGFIX:
* Dockerfiles | update
* type=device | fix object count for utilities
* type=vendor-migration vendor=ciscoasa | bugfix during original config storing
* class CONVERTER.php | bugfix for bidirNAT adjustment

GENERAL:
* class ServiceStore | loop detection - reduce mwarning output to a single finding per $groupName
* update bash_autocompletion/pan-os-php.sh
* introduce develop script cyclePanroama_ssh.php
* bash_autocompletion | class MAXMIND | class SSH_CONNECTOR - small adjustments
* develop start sonicwall.php EXP exported config migration


2.1.1 (20230419)
UTIL:

BUGFIX:
* Dockerfile update to get everything working with new type=vendor-migration
* class Rule.php - fix for PHP7

GENERAL:


2.1.0  (20230419)
UTIL:
* type=vendor-migration | introduce 3rd party Firewall configuration migration to PANOS XML config file
* type=vendor-migration | vendor=stonesoft - extend validation output
* type=register-ip | extend usage for Panorama registered-ip
* type=rule | actions=exporttoexcel - extend help information for applicationsee and hitcount
* type=xpath | introduce argument display-xmlLineNo

BUGFIX:
* class Snippet | bugfix add DataFilteringProfileStore
* type=address-merger | avoid error out on not yet supported classes Ethernet/TunnelInterface
* class Tag.php | bugfix for PHP 7

GENERAL:
* dockerfile update to ubuntu22 and php8.1
* general | introduce argument 'shadow-displayxmlnode'
* general | extend utilities for Fawkes/Buckbeak Snippets
* remove backtrace from mwarning - mostly related to Fawkes/Buckbeak Snippet config


2.0.75 (20230412)
UTIL:
* type=securityprofilegroup | introduce 'filter=(secprof is XYZ)' - inspecific to search all securityprofilegroups for secprof which are set to 'default'/'strict'
* type=diff | extend help information about usage
* type=device | introduce 'filter=(template has-multi-vsys)'
* type=rule | extend with actions=group-tag-remove | group-tag-set:GROUPTAGNAME
* type=rule | introduce 'filter=(group-tag is.set)'
* type=gcp | introduction of GCP helper tools
* type=config-size - extend for snippet
* class Interfacecontainer - extend warning with XML object information - relevant for CloudManagement object-variable validation
* type=device | introduce 'filter=(devicegroup has.vsys XYZ)' - extend output for actions=display
* type=rule | introduce 'actions=display-app-seen'
* type=gcp | improve actions=upload/download
* type=rule actions=exporttoexcel:file.html,RuleHit | exporttoexcel:file.html,ApplicationSeen
* type=securityprofile 'filter=(object is.unused)' - skip predefined objects

BUGFIX:
* type=rule ruletype=decryption | introduce category reading
* class SecurityRule | bugfix to correctly cleanup XML node 'profile-setting', if no SecurityProfile/SecurityProfileGroup is set
* type=rule | bugfix for API_showRuleHitCount
* type=rule | bugfix for actions=rule-hit-count-show / -clear
* type=securityprofile securityprofiletype=custom-url-category 'filter=(object is.unused)' - bugfix to add reference

GENERAL:
* cleanup alias.sh - remove deprecated util scripts which are directly supported with alias "pan-os-php type=XYZ"
* general update dynamic content version to 8690-7941


2.0.74 (20230315)
UTIL:
* type=securityprofile 'actions=custom-url-category-add-ending-token:/*' - add support for token '/*
* type=securityprofile | introduce actions=custom-url-category-remove-ending-token - 'custom-url-category-remove-ending-token:*' - '*' can only be added if '/' is last char
* type=rule actions=display shadow-json - improve output if source/destination isAny()
* type=custom-report | introduce new utility
* type=device | introduce 'filter=(name is.child.of DGNAME)'
* type=UTIL_merger scripts | extend with argument listfilters
* type=securityprofile actions=url-filtering-action-set:alert,CUSTOMURL - support customURL and not only predefined URL

BUGFIX:
* type=zone | actions=display bugfix
* type=securityprofile securityprofiletype=custom-url-category 'actions=custom-url-category-add-ending-token:*'  - fix for token '*' to not skip

GENERAL:
* bugfixes for PHP version 8.2 - 'PHP Deprecated:  Creation of dynamic property'
* class AppFilter / CallContext - improvement for PHP 8.2
* remove deprecated utilities scripts
* update util actions/filter files
* class TAG - improve PHPdoc - methods/variable declaration
* general - use 'XML_PARSE_BIG_LINES' on all classes where XMLfile is load
* update predefined to 8685-7918


2.0.73 (20230224)
UTIL:
* type=ssh-connector | introduction of new utility script
* type=address | introduce new 'filter=(reflocationtype is.template/is.only.template/is.devicegroup/is.only.devicegroup )'

BUGFIX:
* type=certificate | bugfix for reading hash for ec certificates

GENERAL:
* introduce PHP version validation - PHP 8.2 is NOT yet supported


2.0.72 (20230220)
UTIL:
* type=upload | improvement if in=api:// is used but no out= is defined
* type=device | actions=display-shadowrule:file.html - improvement to store full rule informtaion into html
* type=certificate | introduce 'filter=(publickey-algorithm is.rsa/is.ec) - publickey-hash is.sha1/is.sha256/is.sha384/is.sha512 - publickey-length <>!= VALUE
* type=certificate | introduce 'filter=(publickey-hash < sha256)'

BUGFIX:
* type=device | bugfix actions=display-shadowrule:file.html - to export correctly for all DG/vsys
* type=rule ruletype=defaultsecurity | bugfix to read predefined default-security-rules also if xpath post-rulebase is not set
* type=device actions=display-shadowrule | bugfix for multi-vsys
* type=device | actions=display-shadowrule devicetype=manageddevice - bugfix for html export to display correct serial/DG

GENERAL
* class Rule | improvement for type=rule 'filter=(hit-count.fast, timestamp-last-hit.fast and timestamp-first-hit.fast


2.0.71 (20230215)
UTIL:
* type=certificate | introduction of new utility script
* type=certificate | extend actions=display
* type=device | actions=display-shadowrule - extend with argument exportToexcel | actions=display-shadowrule:filename.html

BUGFIX:
* type=playbook | bugfix for missing validation of available array_key
* type=ironskilled-update | bugfix as ironskillet zpp has nothing for Alert_Only_Zone_Protection
* type=address-merger | bugfix class Address.php - not handled null validation

GENERAL
* general - update UTIL actions/filter
* update Dockerfiles | split correctly between amd/arm


2.0.70 (20230208)
UTIL:
* type=diff | redesign filter JSON "combinedruleordercheck" feature

BUGFIX:
* type=playbook | bugfix for missing validation of available array_key
* type=ironskilled-update | bugfix as ironskillet zpp has nothing for Alert_Only_Zone_Protection
* type=address-merger | bugfix class Address.php - not handled null validation

GENERAL
* general - update UTIL actions/filter
* update Dockerfiles | split correctly between amd/arm


2.0.69 (20230203)
UTIL:
* type=device | code improvements for actions=sp_spg-create-alert-only-bp/sp_spg-create-bp - reduce duplicate code
* type=rule | improve filters for ruletype=defaultsecurity
* type=overridefinder | improvement of usage message
* type=rule | extend validation for different rule actions and filters
* type=addressgroup-merger allowaddingmissingobjects allowmergingwithupperlevel | improve functionality to add / move missing objects
* type=diff filter=jsonfile.json | improved if combinedruleordercheck is set in JSON
* type=diff | filter=jsonfile.json - for exclude - introduce wildcard

BUGFIX:
* type=ironskillet-update | bugfix to download and store correct default iron-skillet snippets
* type=rule ruletype=defaultsecurity | bugfix to also import defaultSecurityRules, if only one was overwritten
* type=rule | bugfix for 'filter=(hit-count.fast <>!= XYZ)' via Panorama on multiple DG - but different content from FW
* type=diff filter=jsonfile.json | bugfix if include/exclude is not available at file to compare
* type=address-merger | bugfix if object from upperlevel value has /32 but DG object has only IP

GENERAL
* update default iron-skillet snippets
* docker introduce arm container


2.0.68 (20230130)
UTIL:
* type=diff | JSON filter - add also support for "/PATH/entry[@name='*']"
* type=diff | JSON filter file - support now combination of '*' and [text()[contains(.,'TEXT')]]

BUGFIX:
* type=diff | JSON filter file - additional rule order check did not import post rules correctly
* type=diff | bugfix - JSON filter file check not only * | check '*'
* type=rule | ruletype=defaultsecurity | bugfix to display rules | enable more actions related to defaultsecurityRules
* type=html-merger | bugfix for using argument 'adddefaulthtml' if no filename is specified

GENERAL


2.0.67 (20230127)
UTIL:
* type=playbook shadow-json | improved output
* type=application | introduce actions=delete and actions=delete-force
* type=html-merger | adjust helping information
* type=playbook | support reading argument projectfolder from JSON playbook file
* type=zone | actions=exporttoexcel - extend information with ZoneProtectionProfile
* type=rule actions=exporttoexcel:file.html - rename column 'security' to 'security-profile'
* type=html-merger | introduce argument 'adddefaulthtml' - to give the possibility to add a Excel TAB with descriptions
* type=diff | JSON filter file - allow * as wildcard | [was supporting only "/PATH1/entry[@name='*']/PATH2"]

BUGFIX:
* type=securityprofile | bugfix to delete also customURLProfile objects
* type=device | bugfix panos >100 - for all actions=*-create-*-bp to use coorect iron-skillet snippet

GENERAL
* update Dockerfiles related to ironskillet yaml usage
* set sleeping time for deprecated scripts to 600sec


2.0.66 (20230126)
UTIL:
* type=address/service | introduce 'filter=(reflocationcount ><=! NUMBER)'
* type=diff | introduce more options for 'filter=file.json' - 'added'/'deleted'/'moved' to not display xPath diff, if already accepted and known
* type=xpath | newly introduced utility to search for XML xpath value by using node-filter / xpath-filter / nameattribute-filter | additional output display-xmlnode, display-nameattribute
* type=diff | only avoid display of whitespaces in DIFF for xpath */certificate/ if flag is set
* type=rule-merger | improvements if DENY rules are found between possible rule for merging
* type=diff | introduce more options for 'filter=file.json' - 'combinedruleordercheck'
* type=diff | improve FinalResult output
* type=diff | filter JSON file with "combinedruleordercheck" - use Rule name and no longer UUID as unique key
* type=diff | if filter JSON file is using 'added'/'deleted' - ignore DIFF output
* type=diff | if filter JSON file is using 'empty' - ignore DIFF output of empty rules XMLnodes in DIFF output
* type=ironskillet-update | download yaml file
* type=ironskillet-update | introduce new iron-skillet yaml download and create XML snippets
* type=device | introduce 'actions=zpp-create-alert-only-bp' / 'actions=zpp-create-bp'
* type=diff | filter=jsonfile.json - introduction of ignoring diff output based on textnode for 'added'/'deleted'

BUGFIX:
* type=rule-merger | bugfix if argument exportcsv=xyz projectfolder=xyz and rules are skipped - to create skipped output file correctly
* class ReferenceableObject | bugfix for - type=rule 'filter=(reflocation is.only DGNAME)'
* type=address | bugfix for 'filter=(reflocation is DGNAME)' if multiple reflocation are used
* class RULE.php method load_common_from_domxml() | bugfix to NOT set reference for group-tag - fix problems with tag-merger
* class SecurityRule | bugfix for qos -> marking
* type=playbook | bugfix for new php version - missing variable declaration
* dockerfile add missing folder iron-skillet | fix for all iron-skillet relevant type=device action=....-create-bp parts
* type=diff | filter JSON file 'added'/'deleted' - bugfix to get for each entry the correct diff output
* type=html-merger | bugfix for missing projectfolder argument / introduce try and catch if pyhon is not installed
* type=device 'actions=manageddevice-delete' | bugfix for offline config

GENERAL
* update js and json file for bash_completion
* type=rule | update filter description for 'filter=(timestamp-first-hit.fast/timestamp-last-hit.fast <,>,= VALUE)' as of a PHP v7 handling problem
* update license info | introduce new migration scripts for different vendors, under tag develop
* develop | migration pulse - introduce rule-merging functionality only for pulse migration - should be general available
* develop migrate bluecoat | introduce new argument 'loadxmlfromfile'
* general - update dynamic to version 8668-7812


2.0.65 (20221215)
UTIL:
* type=rule | introduce 'filter=(hit-count.fast >,<,=,! VALUE)'
* type=device | now support for Fawkes config snippet

BUGFIX:
type=rule 'filter=(timestamp.last-hit.fast = 0)' bugfix to avoid error out
type=rule 'filter=(timestamp-last-hit.fast < 10/01/2021)' | bugfix to not show rules which are unused

GENERAL
* update to Palo Alto Networks content version 8648-7733


2.0.64 (20221203)
UTIL:
* type=xml-issue | improve counting for applicationgroup/customurl fixes
* type=address | improvement for actions=name-rename
* type=address | introduce new 'actions=value-replace:SEARCH,REPLACE'
* type=rule actions=exportToExcel:file.html | introduce additionalFields 'resolveServiceAppDefaultSummary'
* type=rule | introduction of 'filter=(service no.app-default.ports)'

BUGFIX:
* type=diff | bugfix for shadow-json - to display also diff information if xml node value only change
* type=xml-issue | fix counting for service objects with double spaces in name

GENERAL
* pan-os-php-api - develop | improvements to use docker-compose with user DB
* set_alias_usage.sh | improvement to dyamically read correct full path where pan-os-php files are available


2.0.63 (20221024)
UTIL:
* type=securityprofile | introduce process of DataFilteringProfileStore
* type=address/rule actions=description-Replace-Character | add variable $$forwardslash$$ and $$colon$$
* create_vwire.php | update to use JSON file
* develop get_counter.php | fix to get newest information from website
* util develop - extend display-xpath-for-node-filter.php with argument 'nameattribute=XYZ'
* type=xml-issue | extend address check with ip-range; optimise if address value is /32; introduce same improvement for duplicate servicegroups as already in addressgroup

BUGFIX:
* type=address actions=move | bugfix for Firewall config type
* type=diff | bugfix to display changes in same single XMLnode without child node correctly

GENERAL
* update App-ID version: 8632-7647


2.0.62 (20221010)
UTIL:
* type=rule | introduce 'actions=user-replace:OLD-username,NEW-username' and 'actions=user-replace-from-file:FILE.txt'
* type=rule | implement group-tag usage for actions=display / 'filter=grouptag is TAGNAME'
* type=device  actions=sp_spg-create-alert-only-bp:true | ironskillet update for panos 10.2
* type=rule | introduce actions=rule-hit-count-show / rule-hit-count-clear

BUGFIX:
* type=rule/schedule 'filter=(schedule.expire.in.days > -90) / (expire.in.days > -90) | bugfix for negative numbers

GENERAL:


2.0.61 (20221004)
UTIL:
* type=rule | introduce 'filter=(url.category.count ><=! NUMBER)'
* type=address | improve "help create-address" - improve also actions=display

BUGFIX:
* class Panorama/Pan/FawkesConf - save_to_file set indentingXmlIncreament to default without an encrease with +1
* type=device actions=sp_spg-create-bp:false | if no name argument is defined 'sp_spg-create-bp:[shared], sp-name' use predefined array
* class RulewithUserID - bugfix for known-user

GENERAL:
* improve classes BuckbeackConf / FawkesConf - to avoid creating XML node if not needed
* extend class Container/DeviceCloud/DeviceOnPrem with DataFilteringProfileStore


2.0.60 (20220926)
UTIL:
* develop ssh-connector | introduce argument password
* type=rule actions=description-append | introduce $$current.name$$ a stringformular


2.0.59 (20220924)
UTIl:
* type=html-merger | introduce argument exportcsv=filename.xslx
* type=tsf | introduce TechSupportFile - to extract running-config.xml from TSF
* type=address - 'filter=(refobjectname is XYZ)' extend to support rule name

BUGFIX:
* type=xml-issue | bugfix to store output file also if pan-os API mode is used
* type=stats | bugfix for loadpanoramapushedconfig

GENERAL:
* introduce development script gcp


2.0.58 (20220908)
UTIL:
* type=rule - improve filters for CI/CD
* type=rule ruletype=any | introduce all filter/actions related to schedule for DoS/Pbf/Qos Rules
* type=rule | introduce ruletype=defaultsecurity
* type=device - extend all parts DG/template / template-stack with config-size information
* type=config-size - optimise output
* type=rule | extend 'filter=(secprof ......)' for ryletype=defaultsecurity
* type=rule | introduce ruletype=sdwan,networkpacketbroker

BUGFIX:
* type=rule/schedule | bugfix for is.expired
* type=rule | actions=securityprofile... - fix to support DefaultSecurityRule
* type=xml-issue | bugfix for Zone
* type=rule ruletype=defaultsecurity | bugfix for actions=exporttoexcel

GENERAL:
* introduce class DefaultSecurityRule - extend on all parts
* extend usage of DefaultSecurityRule to class Container/DeviceCloud/DeviceOnPrem
* class DefaultSecurityRules - skip reading source/destination/from/to
* pan_php_framework - optimise method convert()
* class AddressStore | loop dependencies error with more details
* introduce GTP/SCEP/PacketBroker/SDWAN-ErrorCorrection/-PathQuality/-SaasQuality/-TrafficDistribution Classes
* introduce Profile DataObjects Class


2.0.57 (20220905)
UTIL:
* type=rule | introduce new 'filter=(uuid eq 1234567890)'
* type=rule | introduce 'actions=name-rename:$$current.name$$-$$uuid$$'
* type=stats | improvement to get exportcsv=file.csv working for argument location
* type=ALL - introduce optional argument for location=DGname:includeChildDgs / location=DGname:excludeMainDg
* type=ALL - introduce again argument shadow-apikeyhidden

BUGFIX:
* type=address/service | fix for actions=name-rename - to skip if string length > 63
* type=address actions=value-host-object-add-netmask-m32 | skip if IPv6 address
* type=playbook | skip creating out file for usage of html-merger
* type=address | improvement for ipv6 if 'actions=name-rename:host.pub_$$value.no-netmask$$-$$netmask$$'
* type=address-merger | bugfix for fqdn objects with different value but same name spread of DG hierarchy
* type=ALL | argument location=DGname:includeChildDgs - bugfix if DG is not found
* type=rule | bugfix for 'filter=(schedule is.expired)'

GENERAL:
* class PanoramaConf | improve output if parentDG can not be calculated for DeviceGroup
* update git-php
* class AddressStore - revert group loop check


2.0.56 (20220829)
UTIL:
* type=stats - improvement for JSON output
* type=zone | introduce actions=display userid information | 'filter=(userid is.enbaled)'
* type=zone | introduce actions=userid-enable:{BOOL} - per default {BOOL} is TRUE
* type=service | introduce actions=timeout-inherit - to disable timeout override and inherit from application
* type=service | improve actions=description-append:{TEXT} - with an additional variable $$current.name$$

BUGFIX:
* type=device | bugfix for actions=exportLicenseToExcel:file.html
* class AddressGroup | fix for XML rewrite if addressgroup isdynamic

GENERAL:
* class UTIL - argument template=XYZ - improve output message if template not found
* playbook json files | introduce rule-merger.json - small optimistation for panorama clean-up
* improve test_rule_merger - to read input file
* UI - optimisation for offline/online mode - introduce new preparation.php to upload file / create apikey
* UI - development - continue working on multi-user mode
* UI - improvement for multi-user usage - projectfolder - panconfigkeystore


2.0.55 (20220808)
UTIL:
* type=addressgroup-/servicegroup-/service-merger | introduce dupalgorithm=identical
* type=servicegroup-merger | introduce childDG validation
* type=addressgroup-/servicegroup-/merger - for childDG object move; correct hashmap object array of actual DG

BUGFIX:
* type=diff "filter=XPATH" | bugfix as filter was not used
* type=UTIL-merger | fix for Buckbeak validation

GENERAL:
* extend different Fawkes and Buckbeak related classes
* improve bash completion script
* class TemplateStack | introduce method setName()
* class PanoramaConf | introduce method removeTemplateStack - improve removeDeviceGroup and removeTemplate
* class MERGER | method servicegroup_merger - correct variable name
* test script optimisation - MERGER output adjustment


2.0.54 (20220803)
UTIL:
* type=rule | new 'filter=(service.object.count ><=! VALUE)'
* type=service-merger | improve output for exportcsv
* type=rule-merger | improve output for exportcsv
* type=diff | introduce working argument shadow-json
* type=rule | introduce new 'filter=(service timeout.is.set)' | improve for 'filter=(service.object.count <>=! VALUE)'

BUGFIX:
* type=service-merger | bugfix if service timeout is set and on childDG compare to parentDG the timeout differ

GENERAL:


2.0.53 (20220802)
UTIL:
* class MERGER | code cleaning - improvement to use methods | benefit for service-/tag-/addressgroup-/servicegroup-merger


2.0.52 (20220801)
UTILS:
* type=device | introduce 'filter=(name is.in.file FILE)'

BUGFIX:
* type=device actions=manageddevice-delete/-create | fix/rework method
* type=rulemerger | bugfix for exportcsv if rule is skipped because of deny or none matching filter

GENERAL:
* update dockerfiles and install_script_ubuntu


2.0.51 (20220731)
UTILS:
* UTIL different classes - improvement for usage output
* type=stats | introduce argument exportcsv=json.csv - to get stats exported in CSV
* type=diff | final improvement for stdout of diff

BUGFIX:
* class ObjectwithDescription | method description_merge() - do not merge description if other description is empty`
* type=address-/service-/tag-merger | bugfix if object creation, to update objects in memory for merging part

GENERAL:


2.0.50 (20220729)
UTILS:
* type=dhcp - introduction
* development ike.php - extension for GreTunnel
* type=rule-merger | improved exportcsv to also display the original rule which is getting manipulate
* type=address-merger | improvements for dupalgorithm=identical - do not create new objects

BUGFIX:
* type=diff | bugfix if argument filter is used with $$name$$
* type=diff filter=jsonfile.json | bugfix if no include filter is set but exclude must be triggered
* type=[object]-merger | bugfix to use location=DG1,DG2
* typ=address-merger dupalgorthm=identical | bugfix to NOT merge not identical objects but same value from childDG #584
* type=address-merger | fix pickfilter if allowmergingwithupperlevel is used

GENERAL:
* bash autocompletion - extension for actions= filter=
* introduce class DHCP / GreTunnel and all respective additions for UTILS
* different classes | extend validation for usage of json_decode
* update dynamic content version to 8597-7479


2.0.49 (20220726)
UTILS:
* pan-os-php type=diff | introduce for argument filter=JSONFILE.json
* type=diff | introduce of filtering on xpath with name1 and name2 arguments as variable
* type=diff | extend usage help for all possible arguments

BUGFIX:
* class UTIL | bugfix if no timezone setting can be found

GENERAL:
* update util_action_filter.json file


2.0.48 (20220720)
UTILS:
* UTIL type=securityprofile securityprofiletype=url-filtering | improvements actions=url-filtering-action-set:[ACTION],[category]
* UTIL type=rule | introduce ruletype=tunnelinspection

BUGFIX:
* UTIL type=address/service/tag/application/zone | bugfix for 'filter=(object is.unused)' - direct benefit of class TunnelInspectionRule
* class logwriter/UTIL - fix to use settimezone() also on Expedition-Converter
* class Manageddevice - bugfix for reading manageddevice from Panorama
* class CIDR | bugfix for specific use case

GENERAL:
* introduce class TunnelInspectionRule


2.0.47 (20220714)
UTILS:
* UTIL type=Rule | introduce 'filter=(app has.fromquery subquery1)' 'subquery=([application filters])'
* UTIL type=rule | introduce 'filter=(app risk.recursive.is 3)'
* update internal JSON files for pan-os-php API usage
* multiple classes | improvements for buckbeak
* UTIL type=service-merger | improvements for exportcsv
* UTIL type=upload - extend help information
* UTIL type=securityprofile securityprofiletype=url-filtering | introduce actions=url-filtering-action-set:[ACTION],[category]

BUGFIX:
* class AppRuleContainer | bugfix for method membersExpanded()

GENERAL:
* update predefined to 859207467


2.0.46 (20220708)
UTILS:
* class DeviceOnPrem - introduction - Buckbeak - improving other Rule classes to be prepared for Snippets
* Buckbeak - different classes - improvement to support new DeviceOnPrem / Snippet feature
* UTIL type=[all-merger] - improve exportcsv export if argument projectfolder is used

BUGFIX:
* UTIL type=xml-isse | bugfix for checking 'groups with own membership as subgroup'
* Update class cidr | bugfix for Buckbeak address object variable handling
* class Container/DeviceCloud/DeviceOnPrem | bugfix add missing region XML reading

GENERAL:
* updating Docker files
* Update READMEdocker - improving workflow Container update
* class FawkesConf | introduce findDeviceOnPrem / createDeviceOnPrem
* class ManagedDeviceStore | introduce method createManagedDevice for Panorama and Fawkes


2.0.45 (20220630)
UTILS:
* UTIL type=device | actions=display show Container hierarchy for Fawkes
* UTIL type=stats | improve visibility for securityprofiles

BUGFIX:
* UTIL type=securityprofilegroup | bugfix for fawkes config

GENERAL:


2.0.44 (20220629)
UTILS:
* UTIL type=xml-issue | extend visibility for removing duplicate address/service objects
* UTIL type=device | introduce actions=manageddevice-create / manageddevice-delete
* UTIL type=device | introduce actions=DeviceGroup-removeSerial/DeviceGroup-addSerial

BUGFIX:
* UTIL type=securityprofile actions=delete - bugfix to get API mode working
* UTIL type=address-merger | bugfix if one of the object has an empty description string

GENERAL:


2.0.43 (20220622)
UTILS:
* UTIL type=rule | introduce new actions=app-postgres-fix
* UTIL type=securityprofile securityprofiletype=custom-url-category | introduce actions=custom-url-category-fix-leading-dot
* UTIL type=address actions=create-address-from-file:FILE.txt - introduce two new bool argument: force-add-to-group' / 'force-change-value
* UTIL type=rule action=description-Replace-Character | introduce variable $$newline$$
* UTIL type=rule-merger | introduce tag 'merged' and extend description which rules were merged
* UTIL type=rule-merger | introduce argument exportCSV=merged.html

BUGFIX:
* class DH - set commands fix of FROM/TO field of rules
* UTIL type=address actions=create | bugfix if exiting object is of type address-group
* class DH - bugfix for "set commands" if value contains newline
* UTIL type=address actions=create-address-from-file | bugfixes
* UTIL type=rule-merger | merging description correctly
* class ServiceStore | bugfix to NOT error out if duplicate servicegroup and service are available
* UTIL type=rule-merger | bugfix for missing variables

GENERAL:
* update to Device App-ID version: 8571-7398
* docker container update install more python modules


2.0.42 (20220515)
UTILS:
* UTIL type=address 'actions=exporttoexcel:FILE.html,ResolveIP|NestedMembers' - extension with nested IP members ip resolution and count
* UTIL type=address 'filter=(ip.count > 200)' now also working for address-groups
* UTIL type=service | introduce actions=exporttoexcel:file.html port.count | filter=(port.count ><= VALUE)
* UTIL type=address improve: 'actions=description-Replace-Character:$$comma$$word1'
* UTIL type=rule improve: 'actions=description-Replace-Character:$$comma$$word1'

BUGFIX:

GENERAL:


2.0.41 (20220512)
UTILS:
* UTIL type=address-/service-merger | export also skipped objects
* UTIL type=address actions=exportToExcel:FILE.html,resolveIP - improvement for dynamic AddressGroup
* UTIL type=xml-issue | extend for SecRule from/to duplicate search and readonly template-stack

BUGFIX;
* UTIL type=ALL-MERGER | bugfix for argument outputformatset - display objectname if delete

GENERAL:


2.0.40 (20220509)
UTILS:
* UTIL type=playbook | introduce argument validation
* class AddressGroup - dynamic Address Group with filter; every kind of filter is supported - revert warning
* class AddressGroup/ServiceGroup/pan_php_framework - improvement for stdout
* UTIL type=service-merger | improvement to stdout - why an object is skipped {protocol/dport/sport}
* UTIL type=service | improvements to validate loop usage in ServiceGroup

BUGFIX:
* UTIL type=tag | bugfix to support correctly tag name with characters '(' and ')'  - benefit for dynamic address group filter
* UTIL type=playbook | bugfix regarding supported arguments
* class PanoramaConf | bugfix for reading custom region objects on shared level
* class PANConf | bugfix for argument loadpanoramapushedconfig
* UTIL type=device actions=display-shadowrule - bugfix for none declared variable
* UTIL type=device | actions=display-shadowrule - bugfix to display rule owner
* UTIL type=device actions=display-shadowrule - bugfix
* UTIL ServiceStore | bugfix if serviceGroup A has a ServiceGroup B as member, which contains ServiceGroupA

GENERAL:


2.0.39 (20220428)
UTILS:
* UTIL type=html-merger | optimisation
* UTIL type=address | introduce actions=create-address-from-file:FILE.txt
* UTIL type=rule | introduce actions=src-add-from-file:FILE.txt / dst-add-from-file:FILE.txt
* UTIL type=address | introduce new 'filter=(value ip4.match.exact.from.file FILE)
* UTIL type=address | improve actions=replace-IP-by-MT-like-Object/create-address/create-address-from-file - related to easily create address object which same name as TMP object
* UTIL type=address-/service-/tag-merger | optimisation if argument allowmergingwithupperlevel is used
* UTIL type=address-merger | introduce actions=mergenoghost

BUGFIX:
* UTIL type=rule | actions=src-add/src-add-from-file/dst-add/dst-add-from-file - move from error out to warning
* class Schedule | bugfix to display expired objects correctly
* class AddressStroe | bugfix if DAG includes filter where tag has also () in name
* UTIL type=ALLMERGER - bugfix to validate only address object if TMP

GENERAL:
* class EthernetInterface - reduce duplicate code


2.0.38 (20220426)
UTILS:
* UTIL type=playbook | improvements related to argument projectfolder=DIRECTORY
* UTIL type=html-merger - introduction | script to merge muliple HTML files, formerly created with actions=exportToExcel

BUGFIX:
* UTIL type=service | actions=exporttoexcel,FILE.HTML,resolvesrv - bugfix
* UTIL type=ALLMERGER _ bugfix for printing out information

GENERAL:
* UTIL - introduce new argument 'projectfolder' - to store all produced action files into this folder


2.0.37 (20220425)
UTILS:
* UTIL type=Rule | introduce 'filter=(timestamp-first-hit.fast < - 90 days)'
* UTIL type=rule | introduce actions=action-set:[ACTION] | supported Security Rule actions: 'allow','deny','drop','reset-client','reset-server','reset-both'
* UTIL type=service | introduce new additional argument actions=exporttoexcel,FILE.HTML,resolvesrv
* UTIL type=xml-issue | extend fix if Dynamic AddressGroup filter contains own tag
* class AddressGroup | extend validation if dynamic AddressGroup filter contains own tag objects
* UTIL type=addressgroup-/servicegroup-merger | add information for argument exportCSV

BUGFIX:
* UTIL type=address actions=delete 'filter=(object is.unused)' | bugfix for FW to not delete used objects - not fixed yet for Panorama
* class SecurityRule | bugfix for method 'API_setAction()'
* UTIL type=ALLMERGER | argument allowaddingmissingobjects - bugfix to support this argument in type=service-group
* class AddressGroup | method load_from_domxml() - extend validation to handle dynamic AddressGroup with empty filter

GENERAL:


2.0.36 (20220419)
UTILS:
* UTIL type=device | introduce idle time for actions=system-admin-session
* UTIL type=device | actions=system-admin-session:delete,8
* UTIL type=service-merger | extend output with protocol
* UTIL type=ALLOBJECTMERGER script | shadow-json and exportcsv argument will now also store HTML file locally
* class Tag | improve method setColor() - to successfully read SASE API config response
* UTIL type=service | delete deprecated actions=deleteForce - use actions=delete-Force
* class SecurityRule - introduce rewriteSchedule_XML() - use it in new method referencedObjectRenamed()

BUGFIX:
* CLASS ZoneStore/AddressStore/ObjStore/ServiceStore | bugfix to NOT search parentstore of object name during creation of new object
* class UTIL | bugfix for Fawkes config type related to timezone setting
* class Schedule | bugfix for method setRecurringDaily() - rewritexml correction
* UTIL type=rule | bugfix for actions=from-Set-Any / actions=src-dst-swap
* UTIL type=address | bugfix related to custom Region object - class Region()
* class AddressGroup | bugfix for dynamic AddressGroup - do not add own Group if tagged as member

GENERAL:
* framework | API KEY will be revert to send via URL, not using the secure method to send via Header which is available since PAN-OS 9.0
* framework | extend test_actions and test_filers


2.0.35 (20220411)
UTILS:
* UTIL type=device | introduce actions=system-restart / system-mgt-config_users /  system-admin-session:display / system-admin-session:delete,1
* UTIL type=device | actions=actions=system-mgt-config_users - extend information for customer Rolebase
* UTIL type=system-log/traffic-log | optimisation of device timezone usage
* UTIL all merger scripts | introduce new argument actions=merge/display
* UTIL type=rule-merger | introduce argument actions=display / actions=merge is still default behaviour

BUGFIX:
* UTIL type=device | bugfix for actions=system-admin-session
* UTIL type=address-merger | bugfix for address value if netmaks /32 is used

GENERAL:
framework | optimise method PH::print_stdout()
framework | introduce PAN-OS device timezone - make use for this in type=device actions=system-admin-session


2.0.34 (20220408)
UTILS:
* UTIL API - introduce postman_collection
* UTIL type=device actions=display-shadowrule | improve JSON output
* UTIL develop - introduce create_template_mgmt_permittedips.php
* UTIL type=device | introduce actions=sp_spg-create-BP
* UTIL type=device | extend actions=sp_spg-create-BP:true/false,SP-NAME - with SP-NAME defined only the OUTBOUND profile is created with the defined SP-NAME
* UTIL optimise test_filter script for QA

BUGFIX:
* UTIL API - bugfix related to JSON output
* UTIL type=rule | bugfix 'filter=(rule is.unused.fast)' if searching via API mode on Panorama
* class PanAPIConnector | bugfix to avoid using shadow-apikeynohidden for PAN-OS >=9 if Panorama is used as proxy
* UTIL type=rule 'filter=(src has OBJECTNAME)' - fix if object does not exist at same DG level or above - filter is now returning false
* UTIL type=tag | bugfix for 'filter=(reflocation is shared )'

GENERAL:
* introduce UTIL actions test script
* framework | bugfixes for different CLASSES related to UTIL test_filter / test_action found issues


2.0.33 (20220404)
UTILS:
* UTIL type=address | introduce 'filter=(ip.count >,<,=! VALUE)' AND 'actions=move-range2network'
* UTIL bash-autocompletion | introduce argument "outputformatset="
* UTIL type=address | actions=exportToExcel:FILE.html - extend with ip.count value
* UTIL type=ALLMERGER | extend argument 'exportCSV' to 'exportCSV=FILE.html' which export the info into EXCEL / HTML format
* UTIL develop display-xpath-for-node-filter | add argument fullxpath - to display also for template info the full. output
* UTIL develop display-xpath-value | introduce argument displayattributename - to only display the attribute, not full content
* UTIL type=service | introduce actions=split-large-service-groups:MAXnumber
* UTIL type=[ALLMERGER] - duplicate code reduction - output improvements
* UTIL type=device | introduce new actions=DefaultSecurityRule-SecurityProfile-SetAlert/ DefaultSecurityRule-SecurityProfileGroup-Set:SECPROFGROUP
* UTIL API - move from develop into production

BUGFIX:
* class DeviceGroup / Template - remove $xmlroot as already defined in trait XmlConvertible
* UTIL ALLMERGER scripts | bugfix for argument exportCSV=FILE.html - to display all merged objects

GENERAL:


2.0.32 (20220318)
UTILS:
* UTIL type=rule | rework 'filter=(service port.counter)' is now 'filter=(service.port.count >,<,=,! COUNT)')
* UTIL type=rule | extend actions=exportToExcel with service Counter
* UTIL type=protocoll-number-download | introduction for future usage
* UTIL type=rule | actions=exportToExcel - introduce 'rulebase' column
* UTIL type=rule | 'filter=(schedule expire.in.days XYZ) renamed to 'filter=(schedule.expire.in.days >,<,=,! XYZ)'
* UTIL type=securityProfilegroup actions=exporttoexcel | introduce information about used location and counter
* UTIL UI - introduce additional arguments for playbook JSON file
* UTIL type=playbook | introduce argument location= handling
* UTIL type=rule | actions=exporttoexcel:file.html,ResolveServiceSummary | improvement for Service Counters

BUGFIX:
* UTIL type=rule | actions=exportToExcel - bugfix for service.count if application-default is set
* UTIL type=rule | 'filter=(service.port.count = PORTCOUNT)' - bugfix to change in code to '=='
* class IP4MAP | bugfix for all filters where IP calculation is used e.g. UTIL type=rule 'filter=(src is.partially.or.fully.included.in.list LIST)'
* class SecurityProfileGroupStrore | bugfix to search for available object name only in current Store
* UTIL type=address actions=move:XYZ,removeifmatch | bugfix if address-group has same nested address-group member, but this nested group has different members
* UTIL type=service actions=move:XYZ,removeifmatch | bugfix for nested servicegroups with different members
* class DeviceCloud/FawkesConf/PanoramaConfg - bugfix to calculate parentCentralStore
* class Devicecloud / FawkesConfig | bugfix to handle securityProfileStore correctly
* class SecurityProfileGroup | bugfix to get correct reference calculation
* UTIL type=device actions=display-shadowrule | bugfix for nat rules
* UTIL type=rule actions=exporttoExcel:FILE.html,ResolveScheduleSummary | bugfix to  display all type of schedule
* class Rule.php methode zonecalculation - bugfix for NAT to
* UTIL type=service-merger - class ServiceGroup | bugfix to not delete ServiceGroup members during merge, if this member is available in same name and value at upperlevel

GENERAL:


2.0.31 (20220303)
UTILS:
* pan-os-php type=xml-issue | extend fix for custom-url-category
* UTIL type=application | introduce new 'filters=( decoder has XYZ )' / (decoder is.set)
* UTIL type=securityprofile securityprofiletype=custom-url-category | actions=exporttoexcel introduce display of member information
* UTIL BETA ssh_connector.php | extend with argument setcommand-maxline=20
* UTIL type=rule | introduce new 'filter=(service port.counter.greater.than 1000)' / service port.tcp.counter.greater.than 1000 / service port.udp.counter.greater.than
* UTIL type=service | introduce new actions=show-dstportmapping
* UTIL type=address | improvement for actions=showip4mapping to display unresolved objects

BUGFIX:
* UTIL type=diff | replace derr() with mwarning() - fix for argument outputformatset
* class SecurityProfilStore | bugfix to handle parentStore correctly
* UTIL type=securityprofile | bugfix missing array variable declaration
* UTIL type=rule | bugfix for 'filter=(service has.value.recursive PORT-RANGE)'
* UTIL type=rule 'filter=(service has.value.recursive PORT-RANGE)' | bugfix if searched PORT-RANGE is partial available, and if multiple port-range are available in service-group
* UTIL type=rule | bugfix for 'filter=(service has.value.recursive PORT-RANGE)' to match if two different nested groups has combined the filtered PORT-RANGE
* UTIL type=rule | class ServiceDstPortMapping - bugfix to for 'filter=(service port.counter.greater.than 10)'

GENERAL:
* framework all Object Classes | improve code for usage of single method parentCentralStore()


2.0.30 (20220221)
UTILS:
* UTIL pan-os-php type=device | introduce actions=find-zone-from-IP:IPADDRESS (working on devicetype=virtualsystem / manageddevice)
* UTIL pan-os-php type=xml-to-json | improve for cycleconnectedfirewalls
* UTIL pan-os-php type=address/service | introduce actions=create-address/create-addressgroup - actions=create-service/create-servicegroup
* UTIL type=config-size | extend big XML nodes with information about how many objects are available
* UTIL pan-os-php | introduce type=config-commit - class CONFIG_COMMIT__.php , extend bash-autocompletion
* UTIL all object merger | improve output which object get delete if ancestor is found
* UTIL pan-os-php type=securityprofile | introduce 'actions=custom-url-category-add-ending-token' for securityProfileType=custom-url-category
* UTIL all script argument 'outputformatset' | improve display set commands
* UTIL develop | introduce new script - display-xpath-value  - display-xpath-for-node-filter
* UTIL UI | per-default always set shadow-ignoreinvalidaddressobjects
* UTIL pan-os-php type=xml-issue | introduce new check if address/-group/service/-group/secRule/natRule objectname has double spaces in it
* UTIL type=xml-issue | introduce additional validation if service/-group is available with name 'application-default'
* UTIL pan-os-php type=service | actions=name-rename:$$timeout$$ - introduce VARIABLE $$timeout$$
* UTIL  argument 'outputformatset' - correction of 'set commands' order print
* UTIL develop/ssh_connector.php | introduce argument 'setcommandfile=FILE' for quick validation check of create "set commands"
* UTIL type=securityprofile actions=custom-url-category-add-ending-token - improvement avoid adding token if '*' is already available at end of string
* UTIL type=device | improvments for JSON output
* UTIL argument outputformatset | improvement to move exceptions to separate method()
* class SecurityRule - optimisation of rewriteXML if no SecurityProfile/SecurityProfileGroup is set
* UTIL type=device | rename actions=securityprofile-create-only => actions=sp_spg-create-alert-only-bp
* UTIL type=device | introduce actions=defaultsecurityrule-action-set:[all|intrazone|interzone],[allow|deny]

BUGFIX:
* UTIL UI - still in BETA - bugfix to create correct JSON playbook file if location argument is used
* UTIL all MERGER | fix for location=any allowmergingwithupperlevel
* UTIL all MERGER | bugfix to calculate ancestor
* class InterfaceContainer | bugfix if xmlRoot === NULL
* class VirtualRouterContainer | bugfix if VSYS has no XMLnode available to import new Virtual-Router; xmlRoot === null
* UTIL type=xml-issue | bugfix for finding correct sec/natRule for double whitespaces in object name
* UTIL type=device - actions=logforwardingprofile-create-bp | bugfix FW can only have 'set shared log-settings'
* UTIL type=gratuitous-arp | bugfix to get feature working after the migration to classes
* UTIL argument 'outputformatset' | bugfix to include all XMLnode value information
* class IKEGateway | bugfix for reading XML if XMLnode is not available
* UTIL argument 'outputformatset' bugfix for attribute name
* UTIL argument "outputformatset" - bugfix to get all XMLnode without any child and no textContent
* UTIL argument 'outputformatset' another bugfix to define "set commands" correct
* class customURLProfile - bugfix to create correct "set commands" for version 91
* UTIL type=device - bugfix actions=DefaultSecurityRule-remove-override if no override is availalbe
* UTIL argument outputformatset | bugfix for zone-protection-profile - combine multiple set commands related to 'flood xyz red'
* UTIL type=device actions=defaultsecurityrule-securityprofile-remove:false | bugfix to remove secprof correctly in API mode

GENERAL:
* class PanAPIConnector | introduce method commitAll() and commitPartial( $user)
* framework | split README into multiple files to get better introduction
* framework | introduce new example - improve the example template
* framework | introduce bash script "create_all_docker_container.sh"


2.0.29 (20220204)
UTILS:
* UTIL type=tag-merger | introduce help info for dupalgorithm=SameName
* UTIL all types | argument "outputformatset" status BETA - return all "set/delete commands" done by a PAN-OS-PHP UTIL script
* class UTIL | improve error handling for file not found if shadow-json is used
* UTIL type=securityprofilegroup | actions=securityProfile-Set - extend output if Profile is not found and skipped

BUGFIX:
* UTIL type=device | actions=securityprofile-create-alert-only - bugfix for PAN-OS 8.1 - including fix for ironskillet download
* class PanoramaConf | bugfix to handle initial PAN-OS panorama config files
* UTIL type=address / service actions=move:childDG | bugfix - correct nested object search and create XMLnode if not available

GENERAL:
* framework - update predefined to version 8519-7206
* update install scripts as for example ubuntu installation is only working correctly if root user is used
* framework - introduce update_pan-os-php.sh script


2.0.28 (20220124)
UTILS:
* UTIL pan-os-php type=device | introduce PAN-OS API for actions=devicegroup-create / template-create
* UTIL pan-os-php type=device | introduce actions=template-delete
* UTIL development | introduce visibility_playbook.php
* UTIL pan-os-php type=device | move to iron-skilett usage for actions=securityprofile-create-alert-only / logforwardingprofile-create-bp / zoneprotectionprofile-create-bp
* UTIL ironskillet_update | disable SSL check
* UTIL pan-os-php | extend for type=playbook / ironskillet-update / maxmind-update / util_get-action-filter
* UTIL main entry pan-os-php script | start removing old single scripts maxmind / ironskillet / util_get-action-filter
* UTIL pan-os-php type=playbook | introduce PAN-OS API as argument in=api://
* UTIL system-log / traffic-log / software-remove / sendGARP - move to PHP classes
* UTIL pa_software-download / pa_software-preparation / pa_license move to PHP class - to make it useable for entry point pan-os-php type=
* UTIL API - improve error output for supported endpoints
* UTIL pan-os-php type=config-download-all | introduce type and move feature from development into php class
* UTIL UI update json_array.js to get actual info about script actions / filter
* UTIL get_action_filter | improve
* UTIL UI - extension for playbook JSON file reading and creation
* UTIL type=zone | introduce new 'filter=(zpp is.set) / (zpp is PROFILNAME)'
* UTIL type=address new 'actions=(description-replace-character:OLDone,NEWone )'
* UTIL UI update playground
* UTIL pan-os-php type=tag-merger | introduce dupalgorithm=samename
* UTIL pan-os-php type=device | actions=cleanuprule-create-bp:default - remove manipulation part on default SecurityRule
* UTIL pan-os-php type=device | introduce actions=DefaultSecurityRule-securityProfile-Remove / DefaultSecurityRule-logsetting-set / DefaultSecurityRule-logstart-disable / DefaultSecurityRule-logend-enable
* UTIL update actions / filter
* UTIL pan-os-php type=device | introduce actions=DefaultSecurityRule-create-BP

BUGFIX:
* UTIL pan-os-php type=device | bugfix actions=securityprofile-create-alert-only PAN-OS version <10 compare to >=10
* UTIL pan-os-php type=device | bugfix for actions=securityprofile-create-alert-only:true if no PAN-OS API method is used
* UTIL pan-os-php type=device | bugfix for all actions which are using IronSkillet snippets
* UTIL pan-os-php type=device | actions=zoneprotectionprofile-create-bp / logforwardingprofile-create-bp bugfix for PAN-OS API method
* UTIL pan-os-php type=device actions=securityprofile-create-alert-only | bugfix on offline config file to create profiles only once
* UTIL pan-os-php type=device actions=cleanuprule-create-bp | bugfix if same rulename is already available

GENERAL:


2.0.27 (20220111)
UTILS:
* pa_gratuitous-arp - extend for SNAT / improve if addressObject value has netmask, to send gARP to all IP Addresses
* all scripts - introduce new argument 'git=[BRANCHname]';
* ALIAS extension and correction
* pa_tag-edit | introduce new "actions=replace-with-object:TAGname" in combination with 'filter=(name eq OLDtagName)'
* UTIL develop - introduce interface_getIP
* UTIL all rule classes - improvements for PHP8.1
* UTIL | disable logging
* UTIL - PanAPIConnector | improve Exception handling
* UTIL pan-os-php type=device | introduce actions=logforwardingprofile-create-bp / zoneprotectionprofile-create-bp
* UTIL type=device | actions=securityprofile-create-alert-only extend with customerURLcategory
* UTIL pan-os-php type=device | introduce actions=template-create
* UTIL pan-os-php type=address-merger - improve merging value has /32 or only HOST IP address
* UTIL type=device | introduce actions=cleanuprule-create-bp
* UTIL type=device actions=cleanuprule-create-bp extend with PAN-OS API method
* UTIL introduce PAN-OS version for each script output
* UTIL pan-os-php type=device | introduce PAN-OS API. mode for actions=zoneprotectionprofile-create-bp /  logforwardingprofile-create-bp
* UTIL pan-os-php type=device | actions=securityprofile-create-alert-only introduce PAN-OS API method for FWs
* UTIL pan-os-php type=device | introduce PAN-OS API call for Panorama for actions=cleanuprule-create-bp /  logforwardingprofile-create-bp / securityprofile-create-alert-only
* UTIL pan-os-php type=device | introduce PAN-OS Panorama API call for actions=zoneprotectionprofile-create-bp

BUGFIX:
* update installer scripts / issues with git-php not available
* update dockerfiles to support git-php
* Dockerfiles - extend with git and set git global
* UTIL pa_address-edit actions=decommission | bugfix not possible to remove object from dynamic address-group
* UTIL | improve service any usage to 0-65535 from any / dynamic improvements from 1024-65535 to 1025-65535
* UTIL pan-os-php type=device | bugfix for actions=securityprofile-create-alert-only
* class Address/AddressGroup/Service/ServiceGroup/Tag | bugfix if e.g. merger script like to create objects in previous empty ObjectStore
* class customURLProfile | bugfix to create new customURLProfile for PAN-OS version >= 9.0
* UTIL type=gratuitous-arp | bugfix typo in argument

GENERAL:
* update Readme and Install file / bring in information for PAN-OS-PHP on Windows WSLv2 installation


2.0.26 (20211209)
UTILS:
* UTIL pan-os-php type=$utiltype is the only supported UTIL script for the future, all other UTIL script are set to deprecated
* UTIL pan-os-php UI - move to local file usage
* UTIL all script - introduce new argument "shadow-nojson"
* UTIL UI - improvement to get filter correctly working for operators like ">,<,=,!"
* UTIL UI - starting on extended version
* UTIL UI - extend to delete additional actions/filter column
* UTIL develop - add multiple script in specific for downloading PAN-OS software
* UTIL develop | introduce API creation testing script for different objects
* UTIL develop | introduce reset-config and software-remove script
* UTIL develop | software-downloader.php improve exception support
* UTIL introduce new ALIAS: pa_license / pa_software-preparation / pa_software-downloader / pa_config-commit / pa_config-reset / pa_get_system-user-info / pa_software-remove / pa_system-log / pa_traffic-log

BUGFIX:
* UTIL pan-os-php API - bugfix in relation to shadow-json and previous code reduction
* UTIL pa_key-manager | bugfix to add host like license-apikey/bpa-apikey/ldap-password/maxmind-licensekey only once and delete previous available key
* UTIL class UTIL.php | bugfix for adding Audit-Comment
* UTIL pa_key-manager | bugfix to correctly add password/licensekey if used with add=ldap-password/maxmind-licensekey

GENERAL:
* Dockerfiles - extend to different PHP versions
* App-ID version: 8497-7093 update
* framework examples | update 'example-panapiconnector.php'


2.0.25 (20211203)
UTILS:
* PAN-OS-PHP API - bugfix for PHP8.1
* all edit script with method PAN-OS API - introduce sending audit-comment information - default setting "PAN-OS-PHP $UTILtype $timedate"
* pa_rule-edit | 'actions=exportToExcel:FILE.html,ResolveAddressSummary|ResolveserviceSummary|ResolveApplicationsummary' - improve resolveservicesummary, if application-default is used in service and app-id has specified apps
* pa_zone-edit | introduce actions=name-rename:NewZoneNAME
* UTIL all script | introduce new argument "auditComment=XYZ" to bring in your custom auditComment
* UTIL all script - remove duplicate header / footer
* UTIL all script - optimise to always use single method entry from PAN-OS-PHP

BUGFIX:
* UTIL script download predefined PAN-OS content data - bugfix/workaround if PAN-OS API bring in double <response><return
* pa_tag-edit | actions=created:NewTag - bugfix to not error out on PAN-OS API - first check if NewTag is already availalble
* framework class App | bugfix as FawkesConf has no appstore at shared level / has no SHARED level
* UTIL pa_rule-edit | actions=display,ResolveServiceSummary bringing back consistent output for port and application-default app-id port
* class PanAPIConnector - bugfix if connection timeout

GENERAL:
* framework - content id update to version 8494-7079
* class PanAPIConnector - extend AuditComment usage to all kind of manipulation API request set/rename/delete/edit
* class PanAPIConnector | improve behaviour to request username / password if wrong APIKEY is stored in .panconfkeystore


2.0.24 (20211201)
UTILS:
* pa_application-edit | class App method filteredApps() - introduce filter based on characeristics
* pa_address-edit | introduce 'filter=(object is.region)'
* pa_device-edit | actions=display-shadowrule - introduce PAN-OS version validation
* pa_device-edit | introduce actions=geoip-check:[IP-ADDRESS]
* pa_rule-merger | extend argument 'additionalmatch=user|urlcategory|target'
* pa_device-edit | actions=display-shadowrule - display rule name and owner (DGname / vsys) instead of displaying rule uuid
* pa_device-edit | actions=display-shadowrule - now possible for VSYS / Panorama DG / Panorama managedDevice
* pa_rule-edit | introduce 'filter=(timestamp-last-hit.fast <>!= VALUE)'
* development | introduce system-log.php and traffic-log.php 

BUGFIX:
* UTIL all object merger script | bugfix for pickfilter and excludefilter
* framework class App - optimise method filteredApps() to get correct apps if multiple apptag / characteristics are used in application-filter app
* pa_device-edit | bugfix for actions=display-shadowrule if running against PAN-OS FW device
* framework class cidr | bugfix for method cidr::stringToStartEnd() to correctly get IPv6 start / end
* class cidr - bugfix for method stringToStartEnd() - in relationship to IPv6
* pa_config-size | bugfix if length == 0 to avoid devicision with 0

GENERAL:
* framework introduce class Region | make use of it in all PAN-OS xml config parts
* framework | introduce Maxmind geo2ip lite download and usage
* framework class RuleStore | introduce method findByUUID() - use in pa_device-edit actions=display-shadowrule
* framework class PanAPIConnector | introduce method getLog()


2.0.23 (20211121)
UTILS:
* pa_rule-merger - extend argument additionalmatch with 'secprof'
* pa_address-edit | introduce new reference filters
* pa_device-edit - extend manageddevice information if PAN-OS API is used
* pa_device-edit | introduce actions=exportInventoryToExcel / exportLicenseToExcport devicetype=manageddevice
* pa_rule-edit | actions=display:resolveServiceSummary shadow-json - if service is.application-default and app is.any => do service resolve to default app protocol port
* pa_rule-stats | optimised if arguments "cycleconnectedfirewalls" to display FW model
* pa_device-edit | introduce actions=display-shadowrule
* pa_device-edit - introduce actions=securityprofile-create-alert-only | until now working only against VSYS or DG - use filter=(name eq XYZ) to define where to create / no PAN-OS API mode supported yet
* pa_device-edit - optimise actions=securityprofile-create-alert-only[:true] - introduce bool argument [shared], if set to true profiles are create at SHARED level
* UTIL introduce Palo Alto Networks max FW object counters in JSON format
* pa_application-edit / pa_rule-edit actions=display:ResolveApplicationSummary|ResolveServiceSummary code reduction / optimisation
* pa_application-edit | introduce App Tag from PAN-OS - introduce 'filter=(apptag has XYZ)'

BUGFIX:
*  all utils script - bugfix if Panorama config is used with loadpanoramapushedconfig
* pa_rule-edit - bugfix for actions=display:resolveservicesummary - if service is.application-default and app has application.filter
* pa_address-merger | bugfix if for DG duplicate value is available on childDG and parentDG [thanks to Necip Cebeci ]
* pa_rule-edit | bugfix for actions=display:ResolveServiceSummar|ResolveApplicationSummary - fix memory leak

GENERAL:
* class PanAPIConnector - extend with methods loadPanoramaPushedConfig() / panorama_getAllFirewallsSerials()


2.0.22 (20211112)
UTILS:
* pa_rule-edit - get back actions=user-add:USER / user-remove:USER / user-set-any for PAN-OS API mode
* pa_rule-edit | introduce actions=user-check-ldap:show,LDAPuser,LDAPserver,OU=XYZ;DC=domain;DC=local,OUfilter
* pa_rule-edit | actions=user-check-ldap - extend to check if user is existent in a specific LDAP group e.g. disabled
* pa_rule-edit | actions=user-check-ldap - extend help
* pa_rule-edit - enhancement for actions=from-/to-calculate-zones - if template is set to api@SERIAL - now full routing table incl. dynamic routing is used for zone calculation
* class UTIL - extend method locationNotFound for JSON response

BUGFIX:
* pa_upload-config in=api://MGMT-IP/merged-config - bringing this feature back to specify to download running-/merged-/candidate-config
* framework class ObjStore - bugfix - extend validation about existing variable setting
* framework class RuleStore | bugfix for Fawkes Container / DeviceCloud
* framework class PanAPIConnector - bugfix if PAN-OS API mode and API key is not available in combination with argument shadow-json
* pa_rule-stats | bugfix to display all object if argument loadpanoramapushedconfig is used

GENERAL:
* class Rule/VirtualRouter/StaticRoute - optimise method zoneCalculation to use optimised create-/add-static-Route


2.0.21 (20211106)
UTILS:
* pa_securityprofile-edit | extend class with threatException - display it with actions=display
* pa_securityProfil-edit | introduce 'filter=( exception is.set) / (exception has XYZ)'
* pa_securityprofil-edit | introduce actions=exporttoexcel:FILE.html
* pa_securityprofil-edit - improve JSON response stdout with argument shadow-json
* pa_application-edit | introduce 'filter=(name regex /XYZ/)'
* pa_rule-edit | introduce 'filter=(app has.recursive XYZ)'

BUGFIX:
* pa_securityprofile-edit | bugfix based on filter=(location is XYZ)
* pa_service-merger | class Merger - bugfix for service-merger | variable not correctly declared
* pa_address-edit | actions=replaceByMembersAndDelete add arguments [:keepGroupName] choices: tag, description
* pa_rule-edit actions=from-/to-calulcate-zone BUGFIX - PAN-OS API mode is now working again

GENERAL:


2.0.20 (20211025)
UTILS:
* pa_address-edit | actions=decommission - improvement for better object decommission handling
* pa_service-edit | introduce actions=decommission
* pa_address-edit | improve actions=display for dynamic Addressgroup
* pa_address-edit | improve 'filter=((name regex /$$ipv4$$/) and (value is.included-in.name) )' - to match only full IP-Address
* pa_panos-xml-issue-detector | extend check for /config/readonly/devices/entry[@name='localhost.localdomain']/template

BUGFIX:
* pa_appid-enabler | bugfix related to methods move to class UTIL
* class ObjRulecontainer / AddressGroup - to add object with same name but different owner of DG hierarchy only once
* class AddressGroup add members to dynamic Addressgroups
* pa_address-edit - fix all actions where method find() is used to NOT search nested
* pa_service-edit - improve all actions if method find() is used

GENERAL:
* class ServiceGroup | introduce method has() - for better usage in pa_servicegroup-merger


2.0.19  (20211022)
UTILS:
* extend tests scripts for more QA
* sendGARP - introduce class RUNSSH - make use of in sendGARP
* sendGARP | extend command preparation with DNAT DST ip-address for test arp gratuitous
* pa_servicegroup-merger help | fix typo for argument dupalgorithm [thanks to Necip Cebeci ]
* pa_service-edit | introduce filter for sourceport.value and action sourceport-set / sourceport-delete

BUGFIX:
* pa_device-edit | bugfix for actions=devicegroupe-create:NAME if 'shared' is used as parentDG
* class RuleStore | bugfix to create shared pre-rulebase at correct place if not existent
* class IPsecTunnel | bugfix for not reading XML correctly for protocol part of a IPsec tunnel
* pa_address-merger / pa_service-merger | bugfix if picked object type differ from the parentDG choosen object [thanks to Olivier Straehler ]
* class IKEGateway | bugfix to not set XML nodes, which were not available at start
* pa_address-merger | bugfix do not delete picked address object if replacement was skipped once

GENERAL:


2.0.18 (20211019)
UTILS:
* pan-os-php / API / bash_autocompletion | extend with script xml-op-json and bpa-generator
* pa_key-manager | introduce support for license-apikey/bpa-api-key | extend class PanAPIConnector to store both apikey in .panconfkeystore
* pan-os-php | version include now php version

BUGFIX:
* UTIL all object merger script | bugfix to support argument DupAlgorithm [thanks to Necip Cebeci for finding and reporting this bug]
* framework | bugfix to support PHP version 8.0.X [thanks to Christopher Fettig ]

GENERAL:
* dockerfile - introduce bash_autocompletion for Dockerfile-cli - usage of ubuntu CLI with PAN-OS-PHP installed
* framework - update ubuntu_set_path_variable.sh - full installation is now possible, if Ubuntu is pre-installed
* framework - all UTIL scripts | include phpversion() - update Dockerfiles using variables for PHP version


2.0.17 (20211015)
UTILS:
* pan-os-php and API | introduce support for rule-merger
* XML_op_JSON | move to class XMLOPJSON extend UTIL
* register-ip-mgr | move to class UTIL( 'custom' )
* userid-mgr | move to class UTIL( 'custom' )
* pa_userid-mgr | introduce actions=display and unregister-all
* pa_register-ip-mgr and pa_userid-mgr | introduce class REGISTERIP and USERIDMGR
* pan-os-php and API | extend to support register-ip-mgr and userid-mgr
* pan-os-php bash-autocompletion - extend with all available UTIL script - to finalise the single entry by using PAN-OS-PHP framework

BUGFIX:

GENERAL:


2.0.16 (20211014)
UTILS:
* pa_panos-xml-issue-detector | improvement to use parent methods from class UTIL
* pa_appid-enabler / pa_config-size / pa_upload-config - improve to use parent available methods from class UTIL
* UTIL - pa_config-size / pa_diff / pa_override-finder / pa_upload - optimisation to use more of class UTIL
* pa_application-edit | introduce 'filter=(object has.member XYZ)'
* pa_application-edit - improve actions=display for applicationGroup
* pa_rule-merger | move everything into class RULEMERGER
* pa_upload-config | skip adding user admin2 if already available
* pa_rule-merger | introduce functionality for location=any to run rule-merger with a single run against all DG

BUGFIX:
* pa_appid-enabler | bugfix regarding how variables are used, after moving over to class APPIDENABLER()
* pa_address-merger | bugfix for call class MERGER()
* pa_panos-xml-issue-detector | bugfix how variables are used after moving to class XMLISSUE
* pa_upload-config | bugfix for out= type file

GENERAL:


2.0.15 (20211012)
UTILS:
* optimise all object merger scripts to use class MERGER
* pa_key-manager - introduce class KEYMANAGER - make use of main class UTIL
* pa_rule-edit | actions=display:resolveservicesummary - improve output for JSON response
* pa_download-predefined | make use of CLASS PREDEFINED
* pan-os-php | introduce key-manager and all other object merger script
* pa_panos-xml-issue-detector | introduce class XMLISSUE extend UTIL - make use of XMLISSUE within script pa_panos-xml-issue-detecotor
* pa_key-manager - optimisation to support better JSON response
* pa_diff | introduce class DIFF extends UTIL - make use of XMLISSUE within script pa_diff
* pa_override-finder | introduce class OVERRIDE extend UTIL - make use of this in pa_override-finder
* pa_appid-enabler | introduce class APPIDENABLER extend UTIL - make use of it in pa_appid-enabler - to support PAN-OS-PHP API in the future
* pa_config-size | introduce class CONFIGSIZE extend UTIL - make us in pa_config-size and prepare for future API usage
* pa_bpa-generator - introduce class BPAGENERATOR - make use of it in pa_bpa-generator
* UTIL api - introduce support for override-finder/diff/upload/xml-issue/appid-enabler/config-size

BUGFIX:
* pa_securityprofile-edit | bugfix to handle JSON output for shared and other DG/VSYS correctly
* pa_xml-issue-detector | bugfix to handle ip-wildcard not as as missing IP configuration

GENERAL:
* framework | finalise renaming to PAN-OS-PHP


2.0.14 (20211010)
UTILS:
* merger script extend for JSON output
* API | introduce POST to send XML file directly to PAN-OS-PHP API
* API and API-UI | improvments
* pa_application-edit | introduce 'filter=(tcp has XYZ)' / 'filter=(udp has XYZ)'
* all script actions=exportToExcel - for PAN-OS-API usage, specify project/html folder as file destination storage
* API extend JSON file with application and threat action/filter

BUGFIX:
* class SecurityProfileGroup | bugfix for SaasSecurityProfileStore
* pa_rule-edit | bugfix for 'filter=(user.count XYZ)'
* pa_rule-edit | bugfix for resolveapplicationsummary shadow-json
* pa_rule-edit | bugfix for shadow-json to display from/to zone
* pa_rule-edit actions=display shadow-json | bugfix for SRC/DST if any for resolveAddressSummary
* pa_rule-edit actions=display:resolveservicesummary shadow-json | bugfix to display service resolve correctly
* pa_rule-edit actions=exporttoexcel:FILE.html,ResolveApplicationsummary | bugfix to display app-id resolvesummary correctly

GENERAL:


2.0.13 (20211004)
UTILS:
* pa_rule-edit actions=display:ResolveAddressSummary|ResolveServiceSummary introduce summary output if argument shadow-json is used
* pa_rule-edit introduce additionalargument 'ResolveApplicationSummary' for actions=display:ResolveApplicationSummary and actions=exporttoexcel:file,ResolveApplicationSummary
* pa_rule-edit - add array keys for actions=display:ResolveApplicationSummary
* apigui - add example in error output
* pa_device-edit - add serial# in output
* pa_rule-edit actions=display:ResolveAddressSummary - for shadow-json - split static and dynamic output - dynamic are tmp objects without value
* pa_rule-edit introduce 'filter=(user.count '<,>,+,!)' - )' / 'filter=(user is.in.file FILENAME)'
* pa_rule-edt | introduce actions=xml-extract - to extract rule xml information of matching rules - only working with additional argument shadow-json
* all | with "shadow-json out=true" full PAN-OS XML config is available in stdout JSONarray ['out']['xmldoc']
* pa_rule-edit | introduce actions=user-add:USER / actions=user-remove:USER
* pa_rule-edit | introduce actions=user-set-any
* pa_rule-edit/pa_schedule-edit | introduce 'filter(schedule expire.in.days XYZ)' / 'filter=(object expire.in.days XYZ)' to display information about shortly expired rules/schedule
* pa_rule-edit | actions=exporttoexcel / actions=display introduce additionField: ResolveScheduleSummary - to display expire date for schedule objects

BUGFIX:
* pa_device-edit - bugfix to print DG hierarchy in JSON
* pa_application-edit - bugfix to print APP information optimised in JSON
* pa_address-edit | bugfix for is.included-in.name if object is tmp and value is available
* pa_rule-edit bugfix for 'filter=(user has.regex /USER-group/)'
* pa_rule-edit | bugfix for ANY actions=display shadow-json

GENERAL:
* framework class PH - introduce function ACTIONstatus - make use in pa_tag-edit
* predefined.xml update to version 8465-6967
* framwork - class PH | introduce method ACTIONlog() - make use of this in pa_tag-edit actions


2.0.12 (20210930)
UTILS:
* pa_rule-edit - introduce new 'filter=(from has.same.to.zone)'/'filter=(to has.same.from.zone)'
* pa_device-edit - introduce new actions=DeviceGroup-remove / actions=AddressStore-rewrite
* pa_key-manager - introduce argument 'user' and 'pw' to create PAN-OS API-key without CLI interaction
* pa_key-manager - display .panconfkeystore filepath if using argument 'debugapi'
* introduce JSON response for most of the UTIL scripts with argument shadow-json - not available for pa_rule-edit and pa_application-edit yet
* pa_rule-edit introduce JSON response with argument shadow-json
* pa_application-edit introduce JSON response with argument shadow-json

BUGFIX:

GENERAL:
* move from print to PH::print_stdout - in preparation for JSON response, some missing parts fixed


2.0.11 (20210915)
UTILS:
* pa_key-manager - improve debugapi, to display also testAPI command - extend help with argument shadow-apikeynohidden for PAN-OS <9.0

BUGFIX:
* class PanAPIConnector - create PAN-OS XML API key
* class SecurityRule - [thanks to Brian Trost for finding this] if XMLNode service is not available also add <member>any</member> and not only an empty XML node <service\>
* framework | class PanAPIConnector - fix for hidden PW prompt on Windows systems

GENERAL:
* test | remove ssl-tls-service-profile on all test config files


2.0.10 (20210907)
UTILS:
* move to the general PH::print_stdout
* introducing script pan-os-php.php with alias pan-os-php - used as a single entry script

BUGFIX:
* pa_rule-edit | bugfix 'filter=(service is.udp/is.udp.only/is.tcp/is.tcp.only)

GENERAL:


2.0.9 (20210903)
UTILS:
* pa_application-edit | introduce actions=move
* pa_rule-edit actions=exporttoexcel - extend with rule target information
* introduce pa_threat - actions=display and filters
* pa_service-edit | actions=exportToExcel - add timeout value
* pa_diff - extend to display rule order changes

BUGFIX:
* pa_application-edit | class UTIL fix for deviceType FAWKES to display predefined app
* class AddressGroup | method includedInIP4Network return 0 instead of 1 if Addressgroup has no members
* class RuleStore | method resultingPostRuleSet() - for Panorama shared now postRule is only return once instead of duplicate
* pa_service-edit | bug fix for actions=timeout-set:SECONDS - <override><no/></override> was not removed | skip if servicegroup
* pa_XYZ-merger | bug fix to merg with childDG ONLY if argument allowmergingwithupperlevel is set
* pa_rule-edit | bugfix - actions=exporttoexcel:FILE ruleType=pbf - PBF has no TO zone
* pa_rule-edit - bugfix 'filter=(service is.udp)'

GENERAL:
* introduce class AppCustom/AppFilter/AppGroup - to split object relevant information from class App
* introduce class SaasSecurityProfile - extending all Fawkes config class and UTIL to support this new SecurityProfile
* introduce class Threat / ThreatStore / ThreatVulnerability / ThreatSpyware
* predefined.xml update to version 8448-6902


2.0.8 (20210719)
UTILS:

BUGFIX:
* framework related to appStore - introduce appStore on all lower level/DG hierarchy

GENERAL:
* SecurityProfile classes rename from XYZStore to XYZ
* class App - introduce methods isApplicationCustom() / isApplicationFilter() / isApplicationGroup()


2.0.7 (20210717)
UTILS:
* pa_securityprofilegroup-edit | new actions=securityProfile-Set and securityProfile-Remove - new filters: * secprof: as-profile.is, as-profile.is.set, av-profile.is, av-profile.is.set, data-profile.is, data-profile.is.set, file-profile.is, file-profile.is.set, url-profile.is, url-profile.is.set, vuln-profile.is, vuln-profile.is.set, wf-profile.is, wf-profile.is.set
* introduce new script pa_application-edit; with different filters
* pa_device-edit | extend with devicetype=manageddevice
* pa_securityprofilegroup-edit | introduce actions=exporttoexcel:FILE.HTML
* pa_schedule-edit - class Schedule | introduce method setNonRecurring
* pa_schedule-edit - class Schedule | introduce methode setRecurringDaily and setRecurringWeekly
* pa_device-edit | introduce actions=displayreferences
* pa_securityprofile-edit - added support for data-filtering

BUGFIX:
* class Schedule/ScheduleStore - bugfix to create new schedule objects

GENERAL:
* introduce class LogCollectorGroup - benefit for pa_device-edit devicetype=manageddevice actions=displayreferences
* introduce SecurityProfile data-filtering class DataFilteringProfileStore - support on FW and Panorama and there for vsys/DG and also on shared level


2.0.6 (202107212)
UTILS:
* pa_zone-edit | introduce filter=(logprof is.set) and (logprof is XYZ) | actions=exportToExcel
* pa_device-edit | introduce actions=template-add:TEMPLATENAME for devicetype=templatestack | introduce filter=(name eq DEVICENAME)
* pan_config-size - introduce new script  - to display the specific parts of the config which used the most config size
* pa_securityprofilegroup-edit - introduce new script

BUGFIX:
* pa_diff | bugfix to find also changes within existing config like adding rule to/from/source/destination member
* pa_panos-xml-issue-detector | extend to remove duplicate members from security-Rule source/destionation/application - remove duplicate application-group members
* class AddressGroup | bugfix to read filter of dynamic addressgroup correct
* class RuleStore/SecurityRule | improve config reading for PAN-OS >= 10.0 - hip-profiles is now source-hip and additional destination-hip

GENERAL:
* predefined.xml update to version 8422-6787


2.0.5 (20210627)
UTILS:
* pa_rule-edit introduce 'filter=(description.length <>=! NUMBER)'
* pa_rule-edit actions=exportToExcel - introduce column 'log_profile_name' to display the log forwarding profile name
* pa_address-edit introduce new 'filter=(value has.wrong.network)' - display objects where IP-value does not fit to calculated IP-network
* class UTIL | introduce $location, $sub for single location cli argument, to be used in example template
* pa_rule-edit introduce 'filter=(rule is.enabled)'
* device-edit.php | introduction BETA script
* class DH | extend method findXPath to accept array with multiple xPath strings
* panos-xml-issue-detector | extend to support FAWKES config syntax
* pa_device-edit - new util script to display VSYS/DeviceGroup/Template/TemplateStack/Container/DeviceCloud informaiton
* class PH | improvments to be prepared for next feature pan-os-php API
* routing-/interface-/vwire-edit - move from develop to util folder
* zone-edit script - start using NETWORKUTIL - to better support Panorama configuration
* introduce PAN-OS-PHP API in addition to PAN-OS-PHP CLI

EXAMPLES:
* update template script to show how UTIL() class usage make your scripting life easier
* update template script to add $util->save_our_work() method at the end

BUGFIX:
* class AddressStore - introduce AddressGroup validation for method  nestedPointOfView()
* UTIL | bugfix related to display_error_usage_exit usage from class UTIL
* UTIL | class CallContext - introduce $util variable to use single ava
* class SecurityProfileStor | bugfix for calling URLProfileStore and cu…  …
* class customURLProfileStore | bugfix if XMLnode 'list' is not available
* class IPsecTunnel | bugfix NOT create XML node 'proxy-id-v6' if not avai…
* UTIL | bugfix to get argument 'apitimeout=XYZ' into working mode
* UTIL | reinitiate class PH() at calling of UTIL()
* UTIL | pa_rule-edit actions=exportToExcel - related to class Schedule() introduce in the past
* UTIL | pa_address-edit actions=replaceByMembersAndDelete - missing validation if object is group
* UTIL | pa_service-edit actions=replaceByMembersAndDelete - missing validation if object is group
* class SecurityRule | bugfix for reading Schedule Object if defined on parentDG / shared level
* class SecurityRule | bugfix for method rewriteSecProfXML() to remove XML childelement only once
* class IPsecTunnel | bugfix in load_from_domxml() if XML Node 'protocol' not found 


2.0.4 (20210519)
UTILS:
* pa-address/service/tag/schedule-edit introduce argument loadpanoramapushedconfig to display local and panorama pushed objects


2.0.3 (20210517)
BUGFIX:
* bugfix for pa_addressgroup-merger and pa_service-merger


2.0.2
UTILS:
* pa-address/service/tag/schedule-edit introduce argument loadpanoramapushedconfig to display local and panorama pushed objects

BUGFIX:
class SecurityProfileStore/SecurityProfileGroup - related to classes Container/DeviceCloud/PanoramaConf/PanConf/VirtualSystem/DeviceGroup - correction of SecurityProfileStore type - fix related if argument 'loadpanoramapushedconfig' was used
pa_tag-edit/pa_schedule-edit/pa_rule-edit - fix XML out file; if all objects are deleted, so that XML Node do not contain any Newline



2.0.1 (20210514)
GENERAL:
* introduce again travis for automatic unit testing

UTILS:
pa_address-edit - new 'filter=(value is.included-in.name)' | to check if object value is part of object name
pa_address-edit - new 'filter=(value is.in.file FILENAME)'
address-edit - new actions=value-set-reverse-dns
address-edit - new actions=value-set-ip-for-fqdn
XYZ-merger | update functionality 'allowmergingwithupperlevel' - complete DG hierarchy is now checked & if Panorama DG has two/more childDG these childDG are checked and if duplicate objects are there, objects are merged into parentDG
address-merger | merge TAG before duplicate object is deleted
schedule-edit | introduce new util tool, introduce 'filter=(object is.expired)'
rule-edit | introduce 'filter=(schedule is.expired)' - example usage: pa_rule-edit in=api://IP actions=disabled-set 'filter=(schedule is.expired)'
pa_xml-issue-detecor | extend to find for source/destination if ANY and other objects are set
address-edit | extend actions=display to print tag information

BUGFIX:
address-merger | bugfix to NOT merging objects from upperlevel if same name but different type [also NOT if value is logical same] (e.g. 1.1.1.1 with type ip-netmask - do not merge with one.one.one.one of type fqdn)
PanoramaConf | fix for TagStore to set parentCentralStore at time of reading DG hierarchy - example usage pa_rule-edit actions=tag-add:TAGNAME (if TAGNAME is defined NOT at shared but at parent DG)
util developer scripts - fix includePath to fit into PAN-OS-PHP project


2.0.0 (20210426)
GENERAL:
* name: pan-os-php
* predefined.xml is at version 8399-6667

UTILS:
* display/manipulate PAN-OS config sections
* introduce support for FAWKES



1.5.16 (20190214)

GENERAL:
* update predefined.xml to 8122-5298
* trait-PathableName.php | improve function toString() to display alternativeName of VSYS
* class-LoopbackInterface | introduce function type()
* class-VirtualRouter | extend function addstaticRouter to create correct XML output
* panos-xml-issue-detector | add validation/fix for duplicate sec/nat rule names
* class-PH/-PanAPIConnector | introduce new argument shadow-ApiKeynoSave - which do not save the API key in the User Home file .panconfkeystore
* class-EthernetIfStore/-EthernetInterface | introduce function addSubintefaceToStore( $subinterface )
* class-SecurityRule | implement scheduler
* class-EthernetInterface/-StaticRouter/-VirtualRouter/ utils interface - add support for IPv6 Addresses
* class-ServiceStore | introduce function findbyProtocolDstSrcPort
* rename to PAN-PHP-FRAMEWORK

UTILS:
service-merger: extend location=any - especially for Panorama DG to merge all DG objects with one single script run - also possible with argument allowmergingwithupperlevel
service-merger: change default DupAlgorithm from sameport (which focus only on Dst port) to sameDstSrcport
address-/service-merger:  extend location=any to run successful against firewall with vsys/multi-vsys
addressgroup-/servicegroup-merger: introduce location=any for Panorama DG and Firewall vsys
rule-edit: introduce 'filter=( schedule is [scheduler-name] )'
rule-edit: introduce actions=schedule-set:[schedule-name]
service-edit | actions=move - extend output if firewall is multivsys
service-edit | introduce 'filter=(value is.single.port / is.port.range / is.comma.separated)'
rule-edit | introduce new actions=service-remove-objects-matching-filter:subquery1,[forceAny] 'subquery1=( [all available service filter are possible] )'
address-/rule-/service-/tag-edit | change default behaviour if argument 'out' is not set "out=/dev/null" is used | if argument actions is not set "actions=display" is used

BUGFIX:
- fix for pa_rule-edit 'filter=(rule is.unused.fast)' for PAN-OS version detection if connection is going through Panorama
- fix for pa_rule-merge if NEGATION of original Rule and RuleToCompare differ
- fix for different classes are made
- fix class-NatRule | rewriteSNAT_XML() revert new introduced bug
- fix service-merger | fix  algorithm=SameDstSrcPorts for single FW vsys
- fix address-/service-merger | fix location=any - add also shared
- fix trait-ObjectWithDescription | fix setDescription for UTF8 encode


------------------------------------------------------------------------------------------------------------------------

1.5.15 (20180611)
* introduce release 1.5.15
* update predefined.xml to 8041-4843
* introduce class-VirtualWire
* introduce class-TemplateStack
* update predefined.xml to 8043-4857
* class-EthernetInterface/-EthernetIfStore - extend with new Interface types
* class-VirtualWire/-VirtualWireStore - extend with new methodes - setName/setInterface - newVirtualWire / addVirtualWire
* class-Zone/ZoneStore - extend with virtual-wire
* class-VirtualWire/VirtualWireStore - extend validation
* class-InterfaceContainer - extend validation for addInterface - improve API_addInterface
* class-EthernetInterface/EthernetIfStore - extend with ae information - extend validation
* class-Zone - reduce warning if not yet supported in PAN-PHP-FRAMEWORK
* class-Zone - extend with type: tap, layer2, tunnel
* update predefined.xml to 8070-5032
* class-Address - introduce address object of type ip-wildcard
* class-AppStore/App - introduce App secure ports
* class-IKEGateway - extend to cover IKEv2
* class-PANAPIConnector - introduce hidden arguments: shadow-displaycurlrequest | shadow-hiddenapikey (new with PAN-OS 9.0 - send API key via Header)
* update predefined.xml to 8110-5233
* class-NatRule - extend with dynamic-destination-translation (PAN-OS 8.1)

utils:
address-edit: improvement for actions=decommisssion - extend interface (ethernet/vlan/loopback/tunnel) with add/removeIPv4address
address-edit: new filter '(value string.regex /[SEARCH-STRING]/)'
address-edit: new actions=description-delete | new 'filter=(description is.empty)' | new 'filter=(location is.child.of [DG]) / (location is.parent.of [DG])'
upload-config: extend in=api://[MGTM-IP]/panorama-pushed-config to download panorama pushed config
rule-edit: introduce hip-profile for actions=display
rule-edit: new actions=hip-set:[HIP-Profile]
rule-edit: new action "logsetting-set-FastAPI:[LOGFORWARD]"
address-merger: extend skipped object output with DG information
address-edit: new actions=value-host-object-add-netmask-m32
userid-mgr: fix help / missing variable set
register-ip-mgr: introduce new util
rule-merger: merge for all methods the available tags
rule-merger: merge for all methods the available description
pan-diff: introduce new util to easily compare two pan-os xml config file
panos-xml-issue-detector: introduce new util to fine e.g. duplicate member in address-/service-group
address-merger: extend location=any - especially for Panorama DG to merge all DG objects with one single script run - also possible with argument allowmergingwithupperlevel
register-ip-mgr | introduce new util to display and unregister-unused dynamic registered-ip addresses
service-edit: new actions=description-delete | new 'filter=(description is.empty)' | new 'filter=(location is.child.of [DG]) / (location is.parent.of [DG])'
tag-edit: new 'filter=(location is.child.of [DG]) / (location is.parent.of [DG])'
address-edit: new actions=name-replace-character:[search],[replace]
rule-edit: new action "name-Replace-Character:search,replace"
service-edit: new action "name-Replace-Character:search,replace"
rule-edit: new filters (from is.in.file [FILENAME]) / (to is.in.file [FILENAME])
appid-enable: introduce new script to enable APP-IDs which are set to disabled - directly against panorama or via panorama to all connected firewalls on panorama
pan-diff: extend with API input - to easily compare running and candidate config
tag-edit: new actions=exporttoexcel:[filename]
address-edit: extend actions=description-append:$$current.name$$

utils(under development):
ike: new script to show all IKE/IPsec profile and config settings
interface: new script to show interface settings
routing: new script to show route settings
vsys: new script to show all vsys
vwire: new script to show vwire settings
zone: new script to show zone settings

bugfix:
- fix class-IpsecTunnel | related to proxy-id if <protocol> is not available
- fix class-EthernetInterfaceStore | xpath fix
- fix implementation of class-AggregateEthernetInterface
- fix class-VirtualSystem | no warning if IPv4 address without netmask is used as interface IP
- fix class-QosRule - fix access type related to app 'filter=(app is.any)'
- fix error output for XMLline - correct lineNo if lineNo > 65535
- fix class-authenticationRule |  fix for FW config - typos related to XML xpath finding
- fix class-IkeCryptoProfileStore | -IKEGateway | -IKEGatewayStore | -IPsecCryptoProfileStore | -IPsecTunnel | -IPsecTunnelStore || improve data handling during script execution
- fix class-VirtualRouter | fix if object not found for getting the interface IP
- fix description field for rules and objects was increased to 1023 characters with PAN-OS 7.1 | update all relevant places
- fix class-AddressRuleContainer - improve setAny, offline config file has now any as correct entry
- fix rule 'filter=(rule is.unused.fast)' for PAN-OS version > 8.1
- fix address-merger - duplicate FQDN are now also covered
- fix address-merger - for location=shared | if config is panos
- fix service-edit - action=rename, if service is tmp (e.g. service is from Panorama DG)

------------------------------------------------------------------------------------------------------------------------

1.5.14 (20180227)
* class PanAPIConnector : added support for installed app/av/wildfire/threat-version / PA-VM uuid / cpuid
* new class IkeCryptoProfile; IkeCryptoProfileStore; IPSecCryptoProfil; IPSecCryptoProfilStore
* class PanAPIConnector : added support for device uptime
* update predefined.xml to 8020-4723
* new class ServiceSrcPortMapping
* class-AddressGroup - implement method hasGroupinGroup and getGroupNamerecursive
* class-IPsecTunnel - extend with more validation and warnings
* class-NatRule.php - introduce method API_setNoSNAT / API_setNoDNAT
* new class AuthenticationRule : bring in PAN-OS 8.0 change from CaptivePortalRule to AuthenticationRule

utils:
rules-edit: new action dsri-set:[bool], dsri-Set-FastAPI:[bool] => default value is false
rules-edit: action 'display' extend with DSRI information, if "Disable Server Response Inspection" is enabled for security rule
rules-edit: action'nameRename' extend for additional variable usage like $$current.name$$ and $$sequential.number$$
rules-edit: new action 'app-Fix-Dependencies' to display missing dependencies, with additional argument 'app-Fix-Dependencies:yes' all missing app-id dependencies are added
rules-edit: new action 'securityProfile-remove-FastAPI'
rules-edit: new filter (location is.parent.of [DeviceGroup])
rules-edit: new filter 'app has.missing.dependencies'
rules-edit: new filter 'action is.drop'
download-predefined: introduction of new util to download predefined.xml especially for APP-id database
address-edit: new action split-large-address-group
address-edit: new action AddToGroup
address-edit: new action decommission
rules-edit: new 'filter=(service has.value.only [443])'
rules-edit: new 'filter=(snathost has.from.query subquery1)' 'subquery1=([all filters possible from address-edit])'
rules-edit: new 'filter=(snathost.count - >,<,=,!)'
rules-edit: extend actions=name-Prepend/name-Append/name-Rename with argument accept63characters as bool
address-merger: introduce argument debugapi and exportcsv | which print out per object value the objects replaced by the kept one | improve output for ancestor
service-merger: introduce new dupalgorithm sameDstSrcport
service-edit: new filter (value string.eq [DstPort])
service-edit: new filter (overrides.upper.level/overriden.at.lower.level)

bugfix:
- fixed rule 'filter=(rule has.destination.nat)'
- fix rule-merger - wrong calculation usage for method 5,6,8
- fix class App - calculateDependencies has missing app-id dependency calculation if explicit and implicit app-id are set
- fix rules-edit filter (rule is.unused.fast) in a DeviceGroup hierarchy
- fix class-AppStore - App details not imported if App has no ports
- fix for all FastAPI actions directly running against a firewall
- fix for address-merger.php - allow ancestor merging with same name on upperlevel for FQDN address objects
- fix address-edit actions=name-addprefix/name-addsuffix/name-removePrefix/name-removeSuffix
- fix class App - import application-filter before application-group to avoid tmp application tagging
- fix service-edit actions=move - problem with API mode for TMP objects
- fix class AddressRuleContainer - fix is related address-merger for snathost replacement
- fix memory calculation for specific situations
- fix memory issue if own addressgroup/servicegroup is added as a subgroup in an offline configuration file (move from error to warning)
- fix problems with mergen of branches
- fix address-edit filter=(object overrides.upper.level)
- fix service-merger replace value() with getDestPort()
- fix service-merger help description
- fix address-edit actions=AddToGroup where shared objects need to be added to childDG | new argument devicegroupname if location=any
- fix rule-edit 'filter='(snathost.count >,<,=,!)' if not NATRule
- fix class-AddressGroup - if group isDynamic
- fix address-edit actions=AddToGroup | improve action to work against all parent/childDG and also shared/vsys level on Firewall
- fix rule-edit 'filter=(members.count < ) - if dynamicAddressGroup | related to last fix of class-AddressGroup if group isDynamic
- fix class App-stroe - Application-group members are imported now
- fix class-PanAPIConnector.php - introcude M-200 and M-600 devices
- fix address-/ service-merger where same object name in address and addressgroup cause an error
- fix trait-AddressCommon.php method __removeWhereIamUsed - for address-edit actions=decommission
- fix class-Rule / class-AuthenticationRule - filter-rule | missing stuff for new class-Authentication


1.5.13
* class ServiceGroup: extend __construct with $fromTemplateXml
* class ServiceStore: extend for API_newService()/newServiceGroup()/API_newServiceGroup()
* class NatRule: added support for floating-ip in NAT rules
* class SecurityRule: added support for URL Categories
* class App : added support for technology, categories fields
* class App : added support for evasive-behavior, consume-big-bandwidth, used-by-malware, able-to-transfer-file, has-known-vulnerability, tunnel-other-application fields
* class App : added support for  prone-to-misuse, pervasive-use, risk, virus-ident, file-type-ident, file-forward, is-saas fields
* class APP : added support for timeout, tcp-timeout, udp-timeout, tcp_half_closed_timeout, tcp_time_wait_timeout, custom_signature
* class App : extend with method iscustom() CustomHasSignature()
* class AppStore: added support for application-group and application-filter
* class AppStore: added support for custom application
* class PANConf/PanoramaConf/VirtualSystem: add support for application-group and application-filter
* class PanAPIConnector : added support for mgmt-ip via variable info_mgmtip

utils:
address-edit: new filter tag has / has.nocase / has.regex and tag.count >,<,=,! / object is.recursive.member.of
address-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is
address-edit: new action description-append
address-edit: new action add-member
override-finder: supporting scenario where template defined objects are not present in candidate config
rules-edit: new filter 'service has.recursive', 'secprof av-profile.is.set', 'secprof as-profile.is.set', 'secprof url-profile.is.set', 'secprof wf-profile.is.set', 'secprof vuln-profile.is.set'
rules-edit: new filter 'secprof file-profile.is', 'secprof file-profile.is.set', 'secprof data-profile.is', 'secprof data-profile.is.set'
rules-edit: new filter 'service has.only', 'user has', 'user has.regex', 'url.category is.any'
rules-edit: new filter 'app technology.is', 'app category.is', 'app subcategory.is', 'app characteristic.has xxxx'
rules-edit: new filter 'app includes.full.or.partial', 'app includes.full.or.partial.nocase', 'app included-in.full.or.partial', 'app included-in.full.or.partial.nocase'
rules-edit: new filter 'service has.from.query' and 'service has.recursive.from.query'
rules-edit: new filter 'location is.child.of [DG]'
rules-edit: new filter 'service is.tcp','service is.tcp.only','service is.udp','service is.udp.only','service has.value [PORT_VALUE]','service has.value.recursive [PORT_VALUE]'
rules-edit: new filter 'app custom.has.signature'
rules-edit: new filter 'dnathost included-in.full', 'dnathost included-in.partial', 'dnathost included-in.full.or.partial', 'dnathost includes.full', 'dnathost includes.partial', 'dnathost includes.full.or.partial'
rules-edit: action 'tag-Add-Force' new field 'tagColor' to setColor for forced Tag creation
rules-edit: action 'description-append' new field 'newline' as boolean parameter no/yes
rules-edit: action 'display' extend with logsetting information / URL category
rules-edit: action 'exporttoexcel' extend with additionalFields choice ResolveServiceSummary
rules-edit: action 'description-Prepend'
service-edit: new actions tag-Add | tag-Add-Force | tag-Remove | tag-Remove-All | tag-Remove-Regex
service-edit: new action 'name-rename' to allow renaming based on template string. ie:  'name-Rename:$$protocol$$-$$current.name$$'
service-edit: new action description-append
service-edit: improve action move - API mode now supported to move service objects to shared level
service-edit: new filter tag has / has.nocase / has.regex and tag.count >,<,=,! / object is.recursive.member.of
service-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is
tag-edit: new action move
tag-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is
useid-mgt: add argument debugapi
doc update

bugfix:
- fixed a crash when trying to move some rule types from PRE/POST
- fixed dependencies issues when trying to move an object to another location
- fixed action 'target-set-any' that would not update properly
- override-finder.php : supported use case where firewall has no template applied
- fixed action 'description-Append'
- fixed an issue with pipeSeparatedList and actions in xxx-edit utilities
- upload-confing.php : fix an issue where serial# of in=api://[SERIAL]@IP is also used for out=api://IP - but not definied
- address-edit - xxx-calculate-zones, fixed a crash when interface IP is configured with an address object (class VirtualRouter)
- address-edit: action 'move' was improperly applied to tmp objects
- changed SecurityRule::API_getAppContainerStats2() to use DeviceGroup name on PANOS 7.1+ instead of firewall serial numbers
- fixed a crash when displaying service objects where a service group is member of a service group
- xxxx-merger : fixed an issue where subQueries were ignored
- fixed an issue where predefined applications were created as TMP
- fixed an issue with 'filter=(rule has.source.nat)' where no source NAT rule were shown
- fixed a crash when trying to add tag to temporary address objects
- fix address-edit help name-rename output
- fix class-loopbackinterface / class-aggregateethernetinterface regarding $type variable
- fixx for address-edit filter - value ip4.included-in/ip4.includes-full/ip4.includes-full-or-partial - regarding addressgroup with member count 0


1.5.12 (2017-04-04)
* introduction of UTILS help.html (utils/doc/help.html)
* introduction of new util : userid-mgr to register/unregister/dump userid record through api
* introduction of info_hostname in PanAPIConnector
* introduction of TAG color

utils:
rules-edit: action 'exportToExcel' new fields 'dst_negated' and 'src_negated' to show when some fields are negated
rules-edit: new action  'name-removePrefix' 'name-removeSuffix' 'app-add-force'
rules-edit: action 'from/to-calculate-zones' add new mode 'unneeded-tag-add' to add rule tag (unneeded-from/to-zone) where unneeded zones are available
rules-edit: filter 'is.unused.fast' extend for nat rules
rules-edit: new filters 'src is.fully.included.in.list'
rules-edit: new actions 'dst-Remove-Objects-Matching-Filter' and 'src-Remove-Objects-Matching-Filter' to remove objects matching a specific filter
rules-edit: new action 'securityProfile-Profile-Set' to set individual profiles
address-edit: new filter 'description regex'
address-edit: new fields in exportToExcel : 'ResolveIP' and 'NestedMembers'
service-edit: new filter 'description regex'
generic: new filters 'location regex'
tag-edit: new action 'setColor', 'addComments', 'deleteComments'
tag-edit: new filter 'color eq', 'comments regex /XXX/', 'comments is.empty'

bugfix:
- help message was not available in override-finder.php
- fixed an issue with PANOS 8.0 and new DG hierarchy. OMG what did they do ? :D


1.5.11
* new function AddressCommon->hasDescendants() to for objects with same name in lower level (child devicegroups)
* new function AddressCommon->hasDescendants() to determine if objects with same name in lower level (child devicegroups) exist
* Improved address name regex based filter with support to insert objects value: $$netmask$$, $$netmask.blank32$$, $$value$$, $$value.no-netmask$$
* new Utility to manage stored API keys 'key-manager.php'

utils:
* new 'address-merger', 'addressgroup-merger', 'service-merger', 'servicegroup-merger' utilities. Safer, faster and find more dups than MT.
* new tag-edit utility on the same basis as address-edit
rules-edit: new action 'tag-Remove-All' 'position-Move-to-Top' 'position-Move-To-Bottom' 'position-Move-Before' 'position-Move-After'
rules-edit: new filter 'service has.regex', 'rule is.dsri'
rules-edit: action 'exportToExcel' new option to add optional fields like 'resolveAddressSummary'
address-edit: new action 'name-rename' to allow renaming based on template string. ie:  'name-Rename:H-$$value.no-netmask-$$current.name$$'
address-edit: new filters 'overriden.at.lower.level' and 'overrides.upper.level', 'ip4.includes-full', 'ip4.includes-full-or-partial', 'object is.iprange', 'object is.fqdn', 'object is.ip-netmask', netmask  >,<,=,! XX
address-edit: new actions 'name-removePrefix, name-removeSuffix', 'tag-add', 'tag-add-force', 'tag-remove', 'tag-remove-all', 'tag-remove-regex'
service-edit: new actions 'name-removePrefix, name-removeSuffix'
service-edit: new filters 'object is.tcp' and 'object is.udp'
tag-edit: new filters 'name eq', 'name contains', 'name eq.nocase', 'location is' and 'refcount - >,<,=,!'
override-finder: when firewall is not available, instead of exit with error, program will skip it and warn user.

bugfix:
- added checks to prevent crash when trying to resolve an IPv6 object into an IPv4 mapping
- fixed a crash when exporting PBF rules to HTML in  rules-edit utility
- fixed a crash when replacing an object used in a DNAT with another object
- fixed an typo with setLogEnd in SecurityRule that would prevent the rule from being updated


1.5.10
* New Utility "override-finder.php" : find and display which parts of a firewall configuration are currently overriding the Template pushed by Panorama.
* DoSRule and QoSRule class introduced
* Fixed PBF rules inconsistencies FROM and TO fields
* PanAPIConnector new function panorama_getConnectedFirewallsSerials()

utils:
upload-config: new argument 'extraFiltersOut' to strip unwanted XML parts out of the config before saving/uploading it.
rules-edit: new actions 'from-replace', 'to-replace' to help replace Zones where required

bugfix:
- fixed a loading error when using blank proxy-id in IPsecTunnels which implictly means 0.0.0.0/0
- fixed an issue where malformed xml could be generated when changing log-profile when it already existed
- fixed error caused by typo in filter (src/to has.from.query)
- fixed rules-edit filter is.dnat and is.snat and renamed has.source.nat, has.destination.nat, has.bidir.nat


1.5.9
* PanAPIConnector::register_sendUpdate() new IP registration function; PanAPIConnector::register_getIP() new get registered IP function
* ServiceGroup : detect and warn when a group has several times the same object
* Zone : function addObjectWhereIamUsed() implemented, supports only SecurityRule so far
* Rules : improved support of targets with new functions : target_rewriteXML, target_addDevice, target_setAny, target_setNegate, target_isNegated, target_removeDevice
* PH: finally introduced a way to track library version with PH::frameworkVersion() and PH::frameworkVersion_isGreaterThan()

utils:
service-edit: new filters 'object is.unused.recursive' to check if an object is used in groups/nested groups which are not used either
rules-edit: new actions 'src-Negate-Set','dst-Negate-Set' to enable/disable a rule Source/Destination negation
                        'target-Set-Any','target-Add-Device','target-Negate-Set','target-RemoveDevice' to manage targets
                        'clone' to clone rules before/after another rule and add a suffix
rules-edit: improved 'calculate-zones' with NAT rules which will be cloned if several destination zones are found

bugfix:
- typos in service-edit action prefix-add suffix-add
- report generation on 7050 requires explicit 'async=yes'
- calculate-zones now considers directly connected with better priority than static ones
- fix issue in VirtualSystems where Captive-Portal rules were loaded as AppOverride
- fix 'stats' output for rules-edit.php, address-edit.php and service-edit.php


1.5.7
* introduction of rules Target field support in the core lib and in utils/filters
* NatRule display() outputs more informations, directly benefits to rules-edit.php
* PH::getPanObjectFromconfig() new helper function to load Panorama or Firewall conf
* introduced plugin system for address/rules/services-edit.php
* TagRuleContainer::copy new helper function to copy tags from one Rule to another
* DecryptionRule/PbfRule class now supports service (introduced in PANOS6.1)

utils:
rules-edit : new filters 'target is.any' 'target has xxxxx/vsysX' 'snathost has xxxx' 'dnathost has xxxx' 'rule is.snat' 'rule is.dnat' 'rule is.snatbidir' 'snat is.static' 'snat is.dynamic-ip' 'snat is.dynamic-ip-and-port' 'natdstinterface is.set' 'rule is.universal' 'rule is.intrazone' 'rule is.interzone'
rules-edit : new filters for security profiles: 'secprof av-profile.is' 'secprof as-profile.is' 'secprof vuln-profile.is' 'secprof wf-profile.is'
rules-edit : new actions 'name-Append' and 'name-Prepend' 'split-bidirectionalnat' 'change-ruleType'
address-edit : improved filter 'name regex' to allow external regular expression reference, permitting expression with parenthesis without the need to escape. ie: 'filter=(name regex %subquery1)' 'subquery1=/^(az)/'
address-edit: new filters 'object is.unused.recursive' to check if an object is used in groups/nested groups which are not used either
utilities: propose to enter a new login/password if previous ones are detected as invalid

bugfixes:
- fixed an issue where security profile filter 'is.set' and 'not.set' could return wrong value
- fixed an issue where log fowarding profile change would not update the XML
- RuleStore : fixed an issue where creating a NatRule would generate an error
- rules-edit 'logEnd-Disable' was not available due to a typo in the name
- RuleStore::moveRuleAfter/Before fix for post-rulebase would not work
- Source Nat could be improperly written in some cases


1.5.6
* introduction of CaptivePortal, Pbf type rules initial support
* PANConf : enhanced support to load pushed panorama config
* RuleStore : new function to get rules from parent DeviceGroups
* AddressGroup : enhanced group loading time & consistency
* SecurityRule|DecryptionRule : added userID support (readonly for the moment) + filters for rules-edit.php
* changes to make XML code closer to PANOS flavor : empty rules stores won't be created in XML anymore, same for Tag stores

utils:
rules-edit : loading of firewall configurations can now get panorama pushed config, use option 'loadPanoramaPushedConfig'
rules-edit : added new filters for userid : 'user is.any' 'user is.unknown' 'user is.known' 'user is.prelogon'
rules-edit : added security profile, log profile userid column in ExportToExcel

bugfixes:
- proper XML update when an object used in DNAT is renamed
- fixed an issue where M-100 and M-500 would not be detected as Panorama
- fixed missing TO field in ExportToExcel
- fixed an issue where a zone would have wrong name after its creation
- fixed an issue with users of old PHP (previous version of MACOSX) and OpenSSL TLS


1.5.5
core:
* AddressGroup : new functions API_add(), API_remove(), function addObjectWhereIamUsed(), API_addObjectWhereIamUsed()
* Service : added tag support, new function addObjectWhereIamUsed(), API_addObjectWhereIamUsed()
* ServiceGroup : added tag support, new function API_remove(), addObjectWhereIamUsed(), API_addObjectWhereIamUsed(), removeWhereIamUsed()
						API_removeWhereIamUsed()

utils:
* rules-edit.php : new Actions 'description-append', 'securityProfile-Remove', 'removeWhereUsed'
* rules-edit.php : create FastAPI modes for : 'enabled-set', 'logStart-Enable', 'logStart-Disable', 'logEnd-Enable', 'logEnd-Disable'
					'securityProfile-Group-Set'
* rules-edit.php : new filters 'name is.in.file'
* service-edit.php : new Action 'replaceWithObject', 'addObjectWhereUsed', 'removeWhereUsed'
* address-edit.php : new Action 'replaceWithObject', 'addObjectWhereUsed'
* address-edit.php : new filters 'name is.in.file' 'value ip4.included-in '

bugfixes:
* rules-edit.php : destination zone calculation fix in
* AddressGroup : was incorrectly reported as Dynamic when object XML was empty (MigrationTool issue)
* Address : support usage of IP ranges directly in rules which was not supported before.
* IP4Map : included-in calculation was return wrong 0 whatever the input


1.5.3
core:
* RuleStore function to get rule position 'getRulePosition()'

utils:
* address-edit.php : new Actions exportToExcel, name-addPrefix, name-addSuffix
* service-edit.php : new Actions exportToExcel, name-addPrefix, name-addSuffix, replaceGroupByService
* added a template to quick start your own scripts. look in examples\template-for-your-own-scripts.php

bugfixes:
* issue during creation of a new Service that failed to detect proper protocol


1.5.2
* switched classes constructors to __construct() which is mainstream for PHP5.4+ and 7.0
* major performance improvement when loading a configuration (added 'name to objects' indexes for fast searches)
* renamed address query filter "value eq" to "value string.eq" for string comparison
* new address query filters "value ip4.match.exact"
* rules-edit.php : improved zone calculation feature by allowing to load an external firewall
* rules-edit.php : new action exportToExcel

bugfixes:
* NatRule source nat hosts and types were incorrectly implemented


1.5.0
Library:
* 6.1 'rule-type' support (universal,intrazone,interzone) implemented. See SecurityRule->type() for details.
* support for 7.0 new Security rules actions : drop, reset-client, reset-server, reset-both
* support for 7.0 Device Group hierarchy
* basic support of Panorama templates
* moved preRules and postRules into one single store (see getPreRules and getPostRules)
* VirtualRouter and Static route implemented
* Major interface/network additions were made to allow future tools like routes calculation etc etc.
* Support for AppOverride rules

Utilities:
* new utility : rule-merger.php to find similar rules and merge them
* util rule-edit : new action 'resolve-zones' to do a rule resolution
* util rule-edit : new action 'copy' to copy rules into another vsys/device-group
* util rule-edit : new action 'tag-remove-regex'
* util rule-edit : new action 'cloneForAppOverride' to clone a security rule and make it an AppOverride
* util rule-edit : service-edit and address-edit will auto-detect PANOS vs Panorama, no need to use argument 'type' anymore
* util rule-edit : new filters : 'rule is.unused.fast' will check if a rule was not used since reboot (use cli 'show running rule-use rule-base security type unused vsys vsys1')
* util rule-edit : new filters : src/dst 'included-in.full included-in.partial included-in.full.or.partial' and 'includes.full includes-full.or.partial includes.partial'
* util rule-edit : new filters : src/dst 'has.recursive.regex'
* util rule-edit : new filters : description 'regex' , 'is.empty'
* util rule-edit : new filters for app 'has' and 'has.nocase' and log profile : 'logprof is.set' 'logprof is xxx'
* util rule-edit : new filters for zones : 'has.regex' and 'from.count' 'to.count'
* util rule-edit : new listActions menu
* util address-edit:  new action 'move'
* util service-edit and address-edit new actions: replaceByMembersAndDelete, showIP4Mapping
* util service-edit : new action 'addObjectWhereUsed'
* util service-edit : new filters for services : 'name is.in.file'
* util upload-config : now supports inject xml parts direct in candidate config (see 'toXpath' and 'fromXpath' option)
* util upload-config : you can now preserve target firewall config (like its mgmt ip for example, look for 'help' to see options available).
* util upload-config : now supports api://x.x.x.x/running-config candidate-config to choose between running and candidate or already saved file




---------

1.2.6
* introduction of new 'utils' upload-config.php script that allows you send a config to a device or save a config from a device or bridge a config from a device to another.
* introduction of Exception support for programs that don't want to quit when an error occurs. use PH::enableExceptionSupport() any time for that
* IOMethods now support optional filename : out=api://192.168.50.10/stage2.xml
* new filter for rule-edit utility: rule is.disabled
* elementToPanXPath() helper to print xpath the way PANOS uses it

1.2.4
* introduction of address-edit.php and service-edit.php on same basis than rules-edit.php for objects manipulations
* API_delete() implemented for Address, AddressGroup, Service, ServiceGroup
* RQuery now supports math operators, opening the way for new filters ( >,<,=,!,>= ....)
* bug fixes for AddressGroup members management on v6

version 1.2.3
* serious bug fixes , upgrade is recommended
* TagRuleContainer->merge() implemented
* fix for ServiceGroup with PANOS6 when reading from XML
* fixes for DOM XML use vs DeviceGroup creation

version 1.2.2
* switch API calls from GET to POST for larger requests
* implemented new timeouts system for API calls for people with slow connection to the device

version 1.2.1
* speed improvment when loading candidate config from a firewall, call API "show config saved candidate-config" now.
* SecurityRule->API_setSourceIsNegated and SecurityRule->API_setDestinationIsNegated implemented
* Address->setDescription() and API_setDescription implemented
* Address and AddressGroup now have Tag support
* bugfix : load api key from login & password fixed with DomXML

version 1.2.0
* switch to DOM XML lib for better and faster memory management
* skeleton for new classes : EthernetInterface, EthernetIfStore, NetworkPropertiesContainer to start supporting interface manipulation
* rule-edit new filter : 'services has'
* rule-edit new actions : logEnd-enable, logEnd-disable, logStart-enable, logStart-disable, logSettingSet
* rule->API_setDescription() implemented
* SecurityRule->API_setLogSetting() implemented
* new function implemented for IpsecTunnels to help manipulate them : proxyIdList(), searchProxyIdLine($local,$remote), hasProxyId($local,$remote), findAvailableProxyIdName($baseName), removeProxyId($local,$remote), addProxyId($local,$remote,$name=null)


version 1.1.5
* new class AddressRuleContainer to replace AddressStore in Rules  (same way as ZoneRuleContainer in previous release)
* new class ServiceRuleContainer for the same purpose
* bugfix for application-default where it would not update the xml value

version 1.1.4
* rule-edit now supports multiple actions at the same time
* rule-edit now supports Nat and Decryption rules (look for argument 'ruletype=')
* rule-edit has new filters for security profiles
* introduced CsvParser
* introduced IPsecTunnel and IPsecTunnelStore (see PANConf->ipsecTunnels)
* support for login+password API access to generate a key live
* UserID API login PanAPIConnector::userIDLogin( ) implemented
* AppRuleContainer introduced and replaces AppStore on rules
* renamed rules stores to make better sense ie: VirtualSystem->secrules becomes VirtualSystem->securityRules
* renamed VirtualSystem->allVSYS to VirtualSystem->virtualSystems and findVSYS_byName() to findVirtualSystem()
* renamed class VSYS to VirtualSystem
* added port for PanAPIConnector (default is 443)


version 1.1.2
* bash alias file in utils/alias.sh for easy summoning of utils scripts
* new filters for rules-edit.php : from is.any, to is.any, app is.any, rule is.postrule, rule is.prerule, rule has.no.securityprofile
      name eq, name contains, services is.any, services is.application-default, dst has.recursive, src has.recursive,
      tag has, tag has.nocase
* new actions for rules-edit.php : delete, invertPreAndPost, from-Remove, from-Remove-Force-Any, to-Remove, to-Move-Force-Any
   src-Remove-Force-Any, dst-Remove-Force-Any, tag-Add, tag-Add-Force, tag-Remove
* improved secrules-edit.php arguments sanitization and help message
* changed Stores to Containers in Rules for Zones and Tags
* DecryptionRule initial support
* fix unsupported NAT issue
* fix LogStart and LogEnd filters in secrules-edit.php

version 1.1.0
* adding folder 'utils' with scripts ready for the field
* added script utils/checkpoint-exclude.php to process checkpoint exclusion groups into static objects
* added script utils/grp-static-to-dynamic.php to convert static groups into dynamic based groups with Tags
* added script utils/secrules-edit.php to mass edit rules
* added class PH (PAN-PHP-FRAMEWORK Helper) to gather utility functions
* better support for V6 configs
* implemented ZoneStore->has(Zone)
* RQuery class created to parse & match rule filters
* added more comments and fixed some typos

version 1.0.4
* implemented ZoneStore->includesStore() to know if one includes the other
* implemented AddressStore->includesContainerExpanded() to know if one includes the other
* implemented ServiceStore->includesContainerExpanded() to know if one includes the other
* implemented ServiceGroup->expand() and AddressGroup->expand() to get a list of all objects (recursive) within that group
* impelemented Address->resolveIP_Start_End()
* fix cidr::netMatch() function for partial matches
* fix in zones To/From setAny() and RemoveZone() functions
* fix Store->replaceObject code to check if object already exists

version 1.0.2
* most objects now support ->getXPath() to get an object XPath
* create and rename DeviceGroups functions implemented
* Address->equals() , Address->sameValue() implemented
* AddressGroup->equals(), AddressGroup->sameValue() implemented
* AddressStore->merge())  ServiceStore->merge() ZoneStore->merge()  implemented
* SecurityRule Log-Setting (forwarding profiles fixes)
* few bugs fixes

version 1.0.1
* Address setValue() setType() implemented as well as their API counterparts
* functions create Sec and Nat rules , create Address and Service objects
* changes in AddressStore to make it case insensitive and performance tweaks
* alternate XML engine for WAYYYY faster loading in huge configs and uses a lot less memory. Use variable $UseAlXml = TRUE variable to use it (still in beta)
* new object->toXML() and toXML_inline() functions to convert an object to xml string
* now supports local firewall API calls through Panorama
* listing of firewalls serials managed by panorama PanoramaConf->getManagedFirewallsSerials()
* load managed firewall configs with PanoramaConf->loadManagedFirewallsConfigs($fromDirectory = './')

version 1.0.0
* more API functions implemented
* support for Panorama device-group -> device listing   DeviceGroup::getDevicesInGroup()
* support for API report request via PanAPIConnector->getReport()
* support for API rule application usage via SecurityRule->API_getAppStats() and SecurityRule->API_getAppContainerStats()
* support for API rule cloning  RuleStore->API_cloneRule()
* loading predefined apps by default and their containers
* ServiceStore->isApplicationDefault() and isAny() implemented
* looooooots of other new stuff I forgot about

version 0.9c
* PAN API support improved, can now load/save a config directly from API
* fixed negate-destination
* improved example-panorama-unused-objects.php example to count unused objects

version 0.9a
* new example-panorama-unused-objects.php
* fixed removeZone() and removeApp()
* added helpful error message in removeZone()
* fixed some documentations

version 0.9
* fixed a bug when adding Zones to a rule, XML was not updated
* added AddressGroup::removeAll() to clear a group from all its objects.
* modified example-split-large-gorups accordingly and added some performance tweaks.
* created panconfigurator.php for easier lib inclusion and fixed path shared.php to make them absolute
* fixed object renaming in Address and Service Store
* tons of documenting efforts
* few more fixes I forgot about

version 0.8
 * fixed ServiceStore::remove() function to work with metlife example stage4 to merge service objects. Same fix applied to AddressStore class.
