Home
Help
Search
Login
Register
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 23.7.8 released
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense 23.7.8 released (Read 14611 times)
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
OPNsense 23.7.8 released
«
on:
November 09, 2023, 03:26:33 pm »
Hey,
The configuration restore GUI has been improved in a number of ways due to
recent demand and Squid was updated to the new major release version 6.
A number of reliability improvements were also added to the WireGuard
kernel plugin which from our perspective is now ready for core inclusion.
The documentation is being updated accordingly, but will take a bit more
time to ensure consistency following up on the GUI changes it received.
This update also includes FreeBSD security advisories and assorted fixes.
We are aware of OpenSSL 1.1.1 CVE-2023-5678 and we are already testing
builds based on OpenSSL 3 which can be available in 24.1 when it does not
negatively impact overall operation. We also expect fixes for version
1 to be available sooner, but without OpenSSL providing such fixes directly
the roundtrip time is likely going to increase for them.
Here are the full patch notes:
o system: minor changes related to recent Gateway class refactoring
o system: use unified style for "return preg_match" idiom so the caller receives a boolean
o system: provide mismatching interface logic without reboot on configuration restore
o system: allow new backup API to download latest configuration directly via /api/core/backup/download/this
o system: extend restore to be able to migrate older configurations cleanly
o system: make trust store reload conditional
o interfaces: assorted bridge handling improvements
o interfaces: ignore ULAs for primary IPv6 detection
o interfaces: improve wireless channel parsing
o firewall: keep filtered items available longer in live log
o firewall: when migrating aliases make sure that nesting does not fail
o firewall: port can be zero in automatic rule so render it accordingly
o firewall: minor update to shaper model
o firmware: invalidate GUI caches earlier since certctl blocks this longer now
o firmware: add root file system to health audit
o monit: minor update to model
o lang: update Chinese, Czech, Italian, Korean, Polish and Spanish
o openvpn: host bits must not be set for IPv4 server directive in instances
o unbound: minor update to model
o unbound: remove localhost from automatically created ACL
o web proxy: handle the major update to version 6 and update model
o mvc: enforce uniqueness and remove validation message in UnqiueIdField
o mvc: config should be locked before calling checkAndThrowSafeDelete()
o ui: prevent form submit for MVC pages
o ui: improve default modal padding
o plugins: os-bind 1.28[1]
o plugins: os-openconnect 1.4.5[2]
o plugins: os-wireguard 2.5[3]
o src: pfctl: fix incorrect mask on dynamic address
o src: libpfctl: assorted improvements
o src: msdosfs: zero partially valid extended cluster[4]
o src: copy_file_range: require CAP_SEEK capability[5]
o src: fflush: correct buffer handling in __sflush[6]
o src: cap_net: correct capability name from addr2name to name2addr[7]
o src: regcomp: use unsigned char when testing for escapes[8]
o ports: lighttpd 1.4.73[9]
o ports: php 8.2.12[10]
o ports: squid 6.5[11]
o ports: sudo 1.9.15[12]
Stay safe,
Your OPNsense team
--
[1]
https://github.com/opnsense/plugins/blob/stable/23.7/dns/bind/pkg-descr
[2]
https://github.com/opnsense/plugins/blob/stable/23.7/security/openconnect/pkg-descr
[3]
https://github.com/opnsense/plugins/blob/stable/23.7/net/wireguard/pkg-descr
[4]
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:12.msdosfs.asc
[5]
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:13.capsicum.asc
[6]
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:15.stdio.asc
[7]
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:16.cap_net.asc
[8]
https://www.freebsd.org/security/advisories/FreeBSD-EN-23:14.regcomp.asc
[9]
https://www.lighttpd.net/2023/10/30/1.4.73/
[10]
https://www.php.net/ChangeLog-8.php#8.2.12
[11]
http://www.squid-cache.org/Versions/v6/squid-6.5-RELEASENOTES.html
[12]
https://www.sudo.ws/stable.html#1.9.15
«
Last Edit: November 10, 2023, 02:55:51 pm by franco
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OPNsense 23.7.8 released
«
Reply #1 on:
November 13, 2023, 03:09:12 pm »
A hotfix release was issued as 23.7.8_1:
o interfaces: prefer GUAs over ULAs when returning addresses
o plugins: os-c-icap fix for upstream update syntax error (contributed by Andy Binder)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 23.7.8 released