Home
Help
Search
Login
Register
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 23.1.2 released
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense 23.1.2 released (Read 6738 times)
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
OPNsense 23.1.2 released
«
on:
March 07, 2023, 04:19:44 pm »
Hello,
This is mainly a reliability update with fixes in assorted subsystems.
Of note is the OpenVPN authentication framework rewrite in order to take
advantage of the upcoming OpenVPN 2.6 deferred authentication feature and
the fix for DHCP renew behaviour that was reported on 23.1.
The roadmap for 23.7 was published, but at this point mainly consists of
MVC/API porting efforts for existing static pages. While the rewrite is
not strictly necessary from a user perspective it will move us a lot closer
to our mission goal to introduce privilege separation and to provide an API
for all components.
Here are the full patch notes:
o system: use singleton boot detection everywhere
o system: protect against more stray scripts on boot
o system: several shell_safe() conversions
o system: when applying auto-far default route make sure the local address is not empty
o system: refactor system_default_route() to prevent empty $gateway
o system: create system_resolver_configure() and cron job support
o system: add simple script and configd action to list current group membership (configctl auth list groups)
o system: prevent alias reload in routing reconfiguration like we do in rc.syshook monitor reload
o interfaces: protect against empty GIF host route
o interfaces: fix parsing of device names with a dot in packet capture
o interfaces: force newip calls through DHCP/PPP/OVPN on IPv4
o interfaces: force newip calls through DHCP/PPP on IPv6
o firewall: fix NAT dropdowns ignoring VIPs
o firewall: fix validation of alias names such as "A_BC"
o fIrewall: show all applicable floating rules when inspecting interface rules
o firewall: prevent networks from being sent to DNS resolver in update_tables.py
o reporting: make all status mapping colors configurable for themes in the Unbound DNS page
o dnsmasq: add dns_forward_max, cache_size and local_ttl options to GUI (contributed by Dr. Uwe Meyer-Gruhl)
o firmware: remove retired LibreSSL flavour handling and annotations
o ipsec: reqid should not be provided on mobile sessions
o ipsec: validate pool names on connections page
o ipsec: allow "@" character in all other eap_id fields for new connections
o ipsec: add connection data to XMLRPC sync
o ipsec: "Dynamic gateway" (rightallowany) option should be translated to 0.0.0.0/0,::/0
o network time: remove "disable monitor" to get rid of log warnings (contributed by Dr. Uwe Meyer-Gruhl)
o openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication
o openvpn: rename -cipher option to --data-ciphers-fallback and adjust GUI accordingly
o unbound: fix typo in logger and create a pipe early in dnsbl_module.py (contributed by kulikov-a)
o unbound: fix type cast to prevent unnecessary updateBlocklist action
o unbound: add missing blocklist
o ui: solve deprecation in PHP via html_safe() wrapper
o wizard: unbound hardened DNSSEC setting moved
o plugins: os-acme-client 3.16[1]
o plugins: os-crowdsec 1.0.2[2]
o plugins: os-rfc2136 1.8[3]
o plugins: os-theme-cicada 1.33 (contributed by Team Rebellion)
o plugins: os-theme-tucan 1.26 (contributed by Team Rebellion)
o plugins: os-theme-vicuna 1.44 (contributed by Team Rebellion)
o src: fix multiple OpenSSL vulnerabilities[4]
o src: pfsync: support deferring IPv6 packets
o src: pfsync: add missing bucket lock
o src: pfsync: ensure 'error' is always initialised
o ports: filterlog 0.7 fixes unknown TCP option print
o ports: lighttpd 1.4.69[5]
o ports: monit 5.33.0[6]
o ports: nss 3.88.1[7]
o ports: openldap 2.6.4[8]
o ports: openssh 9.2p1[9]
o ports: php 8.1.16[10]
o ports: phalcon 5.2.1[11]
o ports: sqlite 3.41.0[12]
o ports: strongswan 5.9.10[13]
o ports: sudo 1.9.13p2[14]
Stay safe,
Your OPNsense team
--
[1]
https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr
[2]
https://github.com/opnsense/plugins/blob/stable/23.1/security/crowdsec/pkg-descr
[3]
https://github.com/opnsense/plugins/blob/stable/23.1/dns/rfc2136/pkg-descr
[4]
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:03.openssl.asc
[5]
https://www.lighttpd.net/2023/2/10/1.4.69/
[6]
https://mmonit.com/monit/changes/
[7]
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_88_1.html
[8]
https://www.openldap.org/software/release/changes.html
[9]
https://www.openssh.com/txt/release-9.2
[10]
https://www.php.net/ChangeLog-8.php#8.1.16
[11]
https://github.com/phalcon/cphalcon/releases/tag/v5.2.1
[12]
https://sqlite.org/releaselog/3_41_0.html
[13]
https://github.com/strongswan/strongswan/releases/tag/5.9.10
[14]
https://www.sudo.ws/stable.html#1.9.13p2
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Administrative
»
Announcements
»
OPNsense 23.1.2 released