OPNsense 24.1.10 released

Started by franco, July 11, 2024, 02:05:13 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 11, 2024, 02:05:13 PM
Hi,

Today a number of security advisories in third party software are being
addressed.  Also, a bad dhcp6c patch has been reverted which requires
a manual reboot to take full effect.

Here are the full patch notes:

o interfaces: improve DHCPv6 requirement rules on WAN interface
o interfaces: support reading more attributes in ifconfig output parser
o interfaces: correct logic of resolve flag in ARP table (contributed by Kevin Pelzel)
o reporting: add NetFlow IPv6 support for destinations
o kea-dhcp: add description field to subnets
o kea-dhcp: add next-server option to subnets (contributed by Harm Kroon)
o wireguard: fix IP protocol detection for manual gateway
o ui: remove aria-hidden from dialogs (contributed by Jason Fayre)
o ui: properly break out selectpicker options in modals
o plugins: os-bind 1.32[1]
o plugins: os-caddy 1.6.0[2]
o plugins: os-ddclient 1.22[3]
o plugins: os-nginx 1.33[4]
o plugins: os-theme-cicada 1.36 (contributed by Team Rebellion)
o plugins: os-theme-vicuna 1.46 (contributed by Team Rebellion)
o plugins: os-zabbix-agent 1.14[5]
o plugins: os-zabbix-proxy 1.11[6]
o ports: dhcp6c 20240710 reverts faulty Debian patch
o ports: krb5 1.21.3[7]
o ports: nss 3.101[8]
o ports: openssh 9.8p1[9]
o ports: openvpn 2.6.11[10]
o ports: suricata 7.0.6[11]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/24.1/dns/bind/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/24.1/www/caddy/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/24.1/dns/ddclient/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/24.1/www/nginx/pkg-descr
[5] https://github.com/opnsense/plugins/blob/stable/24.1/net-mgmt/zabbix-agent/pkg-descr
[6] https://github.com/opnsense/plugins/blob/stable/24.1/net-mgmt/zabbix-proxy/pkg-descr
[7] https://web.mit.edu/kerberos/krb5-1.21/
[8] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_101.html
[9] https://www.openssh.com/txt/release-9.8
[10] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.11
[11] https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
July 11, 2024, 05:24:46 PM #1
CAUTION: The OpenSSH update prevents SSH sessions from being established. You need to restart OpenSSH from the GUI or run the console command "pluginctl -s openssh restart" or reboot the system. For more details see the error report on Arch Linux https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5
July 12, 2024, 09:40:56 AM #2
A hotfix release was issued as 24.1.10_1:

o interfaces: allow DHCPv6 server answer from a GUA
July 15, 2024, 02:42:47 PM #3
A hotfix release was issued as 24.1.10_3:

o firewall: fix regression in GeoIP aliases selector
July 25, 2024, 12:24:18 PM #4
A hotfix release was issued as 24.1.10_8:

o firewall: fix one-to-one NAT migration with external address without a subnet set
o firmware: add fingerprint and upgrade hint for 24.7
o firmware: prefer ZFS over UFS in upgrade message
o firmware: remove unneeded Unbound DNS database upgrade script
o firmware: remove stale Squid plugin upgrade script
Print
Go Up Pages1
User actions