OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Administrative »
  • Announcements »
  • OPNsense 16.1.11 released
« previous next »
  • Print
Pages: [1]

Author Topic: OPNsense 16.1.11 released  (Read 4375 times)

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 849
  • Karma: 163
    • View Profile
OPNsense 16.1.11 released
« on: April 18, 2016, 01:50:35 pm »
Hi everyone,

We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability, which shows us the good path we have been on since we started[1] and we will surely continue this security-aware trend.

In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed. Wow!

Here is the full change log:

o services: fix CSRF vulnerability in status_services.php[2]
o www: strengthen CSRF secret generation for legacy pages
o dhcp: bring back usage of the authoritative directive
o system: allow periodic backups of RRD and DHCP for non-MFS
o captive portal: add option for less secure passwords, password and username length
o firewall: add GeoIP aliases feature
o openvpn: status page would not show the correct process status
o languages: completed Russian translation (contributed by Smart-Soft Ltd.)
o languages: updated French

Stay safe,
Your OPNsense team

--
[1] https://forum.opnsense.org/index.php?topic=2837.0
[2] https://cxsecurity.com/issue/WLB-2016040106
« Last Edit: April 18, 2016, 06:36:00 pm by franco »
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Administrative »
  • Announcements »
  • OPNsense 16.1.11 released
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2