Die Open-Source Firewall OPNsense, wurde aktualisiert und steht in Version 18.7.8 bereit. Das Bugfix / Stable Release führt einige Verbesserungen durch und behebt kleinere Fehler. Weiterhin wurde die bereits angekündigte Authentifizierung mittels LDAP+TOTP hinzugefügt.

Weiterhin wurden einige Programme aktualisiert:

• OpenSSL 1.0.2q
• OpenSSH 7.9p1
• Sudo 1.8.26)
• Cyrus-Sasl 2.1.27
• Lighttpd 1.4.51
• PHP 7.1.24

Nach dem Upate ist kein Neustart notwendig.

OPNsense Release Notes 18.7.8

• system: show the actual validation messages for NextCloud backup constraints
• system: LDAP import button primary colour and prevent default page submit
• system: add LDAP+TOTP authentication variant (2FA)
• system: avoid silent fatal error when LDAP OUs could not be retrieved
• system: avoid duplicated cookies on login page by not closing session
• system: allow to fully disable misc. reboot failsafe backups
• system: switch default argument for return_gateways_status()
• system: add “Synchronize config to backup” button to HA status page
• system: disable help text expand when backup fields have no help text
• system: sort user and group lists alphabetically
• interfaces: add CARP info to legacy_interfaces_details()
• interfaces: removal of find_interface_subnet() and find_interface_subnetv6()
• interfaces: introduce find_interface_network() and find_interface_networkv6()
• interfaces: refactor find_interface_ip() and find_interface_ipv6()
• interfaces: fix and use ipaddr6_ll return value in find_interface_ipv6_ll()
• firewall: extend outbound NAT address source and destination with networks
• firewall: fix save error when alias name contains an underscore
• firewall: do not set days or hours when update frequency is empty
• firewall: increase resolve() performance for aliases
• firmware: change packaging to be able to place files in the root directory
• reporting: fix possible division by zero in NetFlow aggregator
• dhcp: reorder arguments of function services_dhcpd_configure()
• dhcp: consolidate service probe of IPv6 and router advertisement daemons
• dhcp: fix clear hook on log file delete
• importer: make clear that /conf/config.xml is required for any import to take place
• monit: add quotes and timeout to custom program path (contributed by Frank Brendel)
• monit: add SSL options to mail server connection (contributed by Frank Brendel)
• network time: improve GPS status parsing
• openvpn: add remote address as route when set during linkup
• shell: interface banner now only shows enabled interfaces
• unbound: do not clear statistics when querying them
• lang: updates for Chinese, Czech, French, German, Japanese, Portuguese and Russian
• mvc: fix toggleBase returning ‘failed’ result when using $enabled
• mvc: fix PortField validation and make well-known ports optional
• mvc: fix checking empty string in grid view (contributed by Smart-Soft)
• rc: make it more obvious in /boot/loader.conf that system tunables work as well
• ui: sidebar performance optimisation (contributed by Team Rebellion)
• ui: vertically center current menu item on visible screen when height is too small
• plugins: os-haproxy 2.10[1][2][3] (contributed by Frank Wall)
• plugins: os-igmp-proxy forces reinstall due to missing core function
• plugins: os-ntopng 1.1 adds HTTPS support (contributed by Michael Muenz)
• plugins: os-nut fix for config file generation (contributed by Michael Muenz)
• plugins: os-postfix fixes typo (contributed by Michael Muenz)
• plugins: os-telegraf 1.7.2 adds validation messages to tags (contributed by Michael Muenz)
• plugins: os-theme-cicada 1.9 (contributed by Team Rebellion)
• plugins: os-theme-tukan 1.8 (contributed by Team Rebellion)
• plugins: os-upnp removes unused function
• plugins: os-zabbix-agent 1.4[4] (contributed by Frank Wall)
• ports: cyrus-sasl 2.1.27[5]
• ports: lighttpd 1.4.51[6]
• ports: openssh 7.9p1[7]
• ports: openssl 1.0.2q[8]
• ports: php 7.1.24[9]
• ports: pkg minor upstream fixes
• ports: sudo 1.8.26[10]

Quelle: https://opnsense.org/opnsense-18-7-8-released/