OPNsense Forum
Administrative => Announcements => Topic started by: franco on May 25, 2023, 02:46:12 pm
-
Hi there,
This update improves IPv6 connectivity, extends module support for the axgbe
network driver and fixes a panic with IPv6 refragmentation over policy-based
routes amongst others.
We are currently testing FreeBSD 13.2 for the upcoming OPNsense 23.7 and it
looks promising. Watch out for roadmap updates over the next few weeks as
more MVC page conversions are being carried out.
Here are the full patch notes:
o system: calling return_down_gateways() depends on default gateway switch setting
o system: open new session if missing to prevent spurious CRSF errors in static pages
o system: add device hint to empty interface address message in case of mismatch during default route attempt
o system: add kernel messages to the general system log
o system: make sure routing log messages all use "ROUTING:" prefix
o system: print warning for duplicated gateway name
o system: prefix API key filename with FQDN of this host
o interfaces: deal with "prefixv6" as an array
o interfaces: improve address cleanup when handling VIP modifications
o interfaces: explicitly report current IP address during renewal avoidance
o interfaces: patch in appropriate rebind/renew DHCPv6 handling
o interfaces: for static "Use IPv4 connectivity" on PPPoE bring up IPv6 routes as well
o interfaces: ifctl: fix typo causing content to be printed while adding it
o interfaces: ifctl: avoid null route on fragile /64 prefix delegation
o interfaces: ifctl: do not flush name server routes
o firewall: add "set debug" and "set keepcounters" options to advanced options
o dhcp: provide run task "static_mapping" to avoid polluting unrelated plugins
o dnsmasq: use new run task "static_mapping" to collect static mappings from DHCP
o firmware: show support tiers in plugin list
o firmware: now that we have a full data model do not overdo cleanup during plugin registration
o intrusion detection: minor performance improvements when parsing metadata from rules
o openvpn: fix a warning by passing a desirable empty input containing a slash
o unbound: fix migration edge case in model version 1.0.3
o unbound: remove DNS blocklist start syshook causing an unnecessary download during bootup
o unbound: when called via GET during override creation encode using URLSearchParams()
o wizard: do not end up duplicating WAN_GW entry
o mvc: add CIDRToMask() to utilities
o mvc: prevent config restore when writer has flushed or partly written the file
o mvc: format BaseModel logger to avoid duplicate timestamps
o plugins: os-crowdsec 1.0.5[1]
o plugins: os-acme-client 3.17[2]
o src: axgbe: fix link issues for gigabit external SFP PHYs and 100/1000 fiber modules
o src: axgbe: apply RRC to miibus attached PHYs and add support for variable bitrate 25G SFP+ DACs
o src: axgbe: properly release resource in error case
o src: ifconfig: improve VLAN identifier parsing
o src: pfsync: hold b_mtx for callout_stop(pd_tmo)
o src: pf: remove pd_refs from pfsync
o src: pf: deal with KPI change bug on stable/13 by redirecting otherwise crashing traffic through ip6_output()
o ports: curl 8.1.0[3]
o ports: dhcp6c 20230523
o ports: lighttpd 1.4.70[4]
o ports: nss 3.89.1[5]
o ports: openvpn 2.6.4[6]
o ports: php 8.1.19[7]
o ports: suricata 6.0.12[8]
Stay safe,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/blob/stable/23.1/security/crowdsec/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr
[3] https://curl.se/changes.html#8_1_0
[4] https://www.lighttpd.net/2023/5/10/1.4.70/
[5] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89_1.html
[6] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.4
[7] https://www.php.net/ChangeLog-8.php#8.1.19
[8] https://suricata.io/2023/05/09/suricata-6-0-12-released/