OPNsense 25.1.1 released

Started by franco, February 12, 2025, 02:38:34 PM

Hello,

Here we are with further refinements to 25.1 and it is looking
pretty well so far.  Included are the recent FreeBSD security
advisories and the OpenSSL 3.0.16 which came out just yesterday.

The roadmap for 25.7 is being worked on at the moment and should
be ready for publication next week / release.

Here are the full patch notes:

o system: exclude pchtherm thresholds temperature thresholds
o system: regression in groupAllowed() as values are now comma-separated
o system: update button wording on new HA status page
o reporting: fix missing typecast in epoch range for DNS statistics
o interfaces: fix undefined array key warnings in DHCP client setup (contributed by Ben Smithurst)
o interfaces: remove "hellotime" configuration leftover of recent bridge cleanup
o firmware: opnsense-update: fix failure to clean up the working directory
o firmware: opnsense-update: support -B and -K with -c option check
o firmware: opnsense-update: let -u skip already installed packages set
o firmware: kernel may not be pending so be sure to check on upgrade attempt
o firmware: add an upgrade test for wrong pkg repository
o firmware: revoke 24.7 fingerprint
o captive portal: fix missing class import
o captive portal: partially revert new lighttpd TLS defaults
o ipsec: fix glob pattern for advanced configuration banner
o monit: revert "wrap exec in double quotes to allow arguments"
o ui: reverted style changes only relevant for the development version
o ui: header image scaling fixes in default light theme
o ui: remove right border from "aside" element in default dark theme
o plugins: os-caddy 1.8.2[1]
o plugins: os-crowdsec 1.0.9[2]
o plugins: os-ddclient 1.27[3]
o src: pf: send ICMP destination unreachable fragmentation needed when appropriate
o src: pfil: set PFIL_FWD for IPv4 forwarding
o src: if_vxlan: use static initializers
o src: if_vxlan: prefer SYSCTL_INT over TUNABLE_INT
o src: if_vxlan: Invoke vxlan_stop event handler only when the interface is configured
o src: pf: force logging if pf_create_state() fails
o src: tarfs: fix the size of struct tarfs_fid and add a static assert
o src: ext2fs: fix the size of struct ufid and add a static assert
o src: cd9660: make sure that struct ifid fits in generic filehandle structure
o src: tzdata: import tzdata 2025a
o src: audit: fix short-circuiting in syscallenter()
o src: ktrace: fix uninitialized memory disclosure
o src: netinet: enter epoch in garp_rexmit()
o ports: curl 8.12.0[4]
o ports: monit 5.34.4[5]
o ports: openssl 3.0.16[6]
o ports: pcre2 10.45[7]
o ports: php 8.3.16[8]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/25.1/security/crowdsec/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/25.1/dns/ddclient/pkg-descr
[4] https://curl.se/changes.html#8_12_0
[5] https://mmonit.com/monit/changes/
[6] https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md
[7] https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.45
[8] https://www.php.net/ChangeLog-8.php#8.3.16