OPNsense 26.1.5 released

[franco]

Howdy,

This updates ships a few third party updates, assorted core fixes and
improvements of which Kea DDNS and options support may be the most
sought-after.

The captive portal IPv6 changes are ready for wider testing on the
development version and over there the grids will now auto-resize as
the limits of the Tabulator UI are pushed farther and further.  ;)

Here are the full patch notes:

o system: cleanup and simplify certificate deployment and remove legacy config import
o system: validate monitor uniqueness based on the host route presence
o system: simplify user/group sync scripts using config_read_array()
o interfaces: clean up overview UI code and fix CARP badge alignment
o interfaces: fix static neighbor apply button (contributed by Konstantinos Spartalis)
o interfaces: simplify CARP scripts using config_read_array()
o interfaces: automatic dhclient recovery
o interfaces: settings page use cases for config_read_array()
o firewall: fix regression in alias summary not shown in new rules GUI
o firewall: invalidate database when last updated time is in the future
o firewall: add missing "static port" option in source NAT
o firewall: add semantic groups coloring option in dashboard widget (contributed by Gunnar Lieb)
o firewall: one-to-one NAT rendered rule missed "log" statement
o firewall: add missing alias rename rule targets
o firewall: add alias GeoIP database update button and move bogons one to the same tab
o firewall: fix port handling in registered NAT rule
o firewall: fix MVC code vs. legacy rules display issues
o firewall: outbound NAT page use case for config_read_array()
o captive portal: cleanup and simplify certificate deployment and remove legacy config import
o captive portal: enforce POST-only on logoffAction() (contributed by Oliver Jueguen)
o dnsmasq: add "no-ping" option (contributed by Konstantinos Spartalis)
o dnsmasq: remove a too-strict validation for suffix IPv6 addresses without constructor use
o dnsmasq: ensure the lease view handles client-id correctly
o ipsec: fix delete selected for SPD and SAD
o kea: add DDNS and DHCP option support
o network time: add pool property for time servers (contributed by Konstantinos Spartalis)
o network time: remove stale symlink when PPS is disabled
o unbound: only emit warning when "addptr" was requested
o unbound: use expand formatter for blocklist URLs and DNSBL types
o unbound: include blocklist length in state change logic
o backend: more fixes for re-bound SyntaxWarning throws in Python 3.13
o backend: use config_read_array() non-insert mode mode iteration of virtual IPs
o mvc: BaseListField: merge remaining use of shared implementation of static options
o mvc: File: add file_update_contents() helper
o mvc: Shell: rewrite exec_safe() to avoid vsprintf() complications
o rc: speed up maintenance file deletes
o ui: bootgrid: require selection to be enabled for delete-selected
o ui: bootgrid: introduce 'expand' formatter to cap lists of data
o plugins: os-frr 1.51[1]
o plugins: os-tayga 1.5[2]
o ports: openldap 2.6.13[3]
o ports: perl 5.42.1[4]
o ports: phpseclib 3.0.50[5]
o ports: py-duckdb 1.5.0[6]
o ports: suricata 8.0.4[7]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/26.1/net/frr/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/26.1/net/tayga/pkg-descr
[3] https://www.openldap.org/software/release/changes_lts.html
[4] https://perldoc.perl.org/5.42.1/perldelta
[5] https://github.com/phpseclib/phpseclib/releases/tag/3.0.50
[6] https://github.com/duckdb/duckdb/releases/tag/v1.5.0
[7] https://suricata.io/2026/03/17/suricata-8-0-4-and-7-0-15-released/