18.1 development milestones

[Tsuroerusu]

Will LibreSSL also be updated in 18.1 or will it be sticking with 2.5.x?

[franco]

It was updated to 2.6.4 6 days ago:

https://github.com/opnsense/ports/commit/2936f5e7a

We're still testing, best case this hits in 17.7.12, worst case some time in 18.1.x, depending on the issues.

So far it looks like a smooth ride to 17.7.12 tough.

Note that 2.5.5 is still supported so we don't need to act overly fast.

[gonzo]

HI

UTM plugins: antivirus, antispam, mail, web proxy extensions .
I was very interested in this functionality. What exactly does this mean ?

[franco]

We have a couple of new plugins. In detail...

Web proxy plugins:

security/clamav -- Antivirus engine for detecting malicious threats
www/c-icap -- c-icap connects your Proxy with a virus scanner
www/web-proxy-sso -- Kerberos authentication module
www/web-proxy-useracl -- Group and user ACL for the web proxy

Mail plugins:

mail/postfix -- SMTP mail relay
mail/rspamd -- Protect your network from spam
security/clamav -- Antivirus engine for detecting malicious threats


Cheers,
Franco

[gmu]

Hello,

i use OPNsense 18.1.2_2-amd64 / FreeBSD 11.1-RELEASE-p6 / OpenSSL 1.0.2n 7 Dec 2017

My security audit say:

Code: [Select]

***GOT REQUEST TO AUDIT SECURITY***
Fetching vuln.xml.bz2: .......... done
squid-3.5.27_2 is vulnerable:
squid -- Vulnerable to Denial of Service attack
CVE: CVE-2018-1000027
CVE: CVE-2018-1000024
WWW: https://vuxml.FreeBSD.org/freebsd/d5b6d151-1887-11e8-94f7-9c5c8e75236a.html

1 problem(s) in the installed packages found.
***DONE***

Is there any timeline to fix it?

Thanks.

[franco]

18.1.3... this week...

Are you using the web proxy?

It's a DoS and for 98% one runs Squid internally so you trust your users, or at least you can slap them if they DoS.


Cheers,
Franco