
The release is 148.8 MB in size and restarts the firewall afterwards. 22 changes and bug fixes were made. The roadmap now also includes the next major release, 20.0. See: https://opnsense.org/about/road-map/ Below are the older releases that I had not mentioned in the blog.
- system: fix legacy remote logging with custom port
- system: regenerate CA bundle when modifying trusted authorities
- system: fix translation order of tunables description
- system: fix CARP maintenance mode bootup
- firewall: missing daily refresh on GeoIP type
- firewall: fix fetch of GeoIP alias if its name is same as its country
- reporting: auto-load required kernel modules for NetFlow
- reporting: allow setting NetFlow active/inactive timeout (contributed by Frank Brendel)
- captive portal: optimise ipfw rule parsing
- firmware: Homelab.no has been superseded by TerraHost mirror (contributed by Thomas Jensen)
- unbound: support file-based custom includes
- unbound: set absolute path to root.hints (contributed by h-town)
- plugins: os-bind 1.8[2] (contributed by ErikJStaab)
- plugins: os-dnscrypt-proxy 1.6[3] (contributed by ErikJStaab)
- plugins: os-etpro-telemetry 1.4[4]
- plugins: os-theme-cicada 1.20 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.20 (contributed by Team Rebellion)
- ports: ca_root_nss 3.46
- ports: ldns 1.7.1[5]
- ports: pcre2 10.33[6]
- ports: php 7.2.22[7]
- ports: phpseclib 2.0.21[8]
- ports: unbound 1.9.3[9]
A hotfix release was issued as 19.7.4_1:
- captive portal: fix merge conflict in optimisation
OPNsense 19.7.3 Release Notes
- system: try all backups for automatic revert when config.xml is damaged
- system: do a system reset if all config.xml files are damaged
- system: only show tunables reboot hint when applying tunables (contributed by Northguy)
- system: use FQDN in system log remote messages
- system: add defunct gateways to GUI in disabled state
- interfaces: only allow VLAN parents that will work as VLAN parents
- interfaces: optionally promote/demote CARP on service status
- interfaces: CARP status page report with demotion level to avoid ambiguity
- firewall: revert problematic 19.7.2 change “unhide automatic interface-based output rules”
- firewall: restore automatic outbound NAT pre-19.7 behaviour which excludes gateways not configured and not dynamic
- firewall: add logging toggle to rules overview (contributed by johnaheadley)
- firewall: DHCPv6 relay would generate rules even if not enabled
- firmware: only do single-repository fingerprint verify defaulting to our OPNsense repository
- firmware: fix base and kernel package listing
- intrusion detection: show change message after toggle or save
- intrusion detection: rule download fix
- monit: add parent devices to interface list (contributed by Frank Brendel)
- monit: fix standard configuration migration (contributed by Frank Brendel)
- reporting: skip illegal NetFlow records in flow parser
- opendns: migrate update hook from DynDNS plugin to core to make it fully automatic
- backend: fix exception message string handling in Python 3
- backend: add help to pluginctl utility
- backend: configctl event handler support
- mvc: log API key when authentication failed
- ui: more consistent HTML (contributed by gisforgirard)
- ui: sidebar bug fix (contributed by Team Rebellion)
- ui: fix initFormAdvancedUI() on initial load
- plugins: os-acme-client 1.25[1]
- plugins: os-bind 1.7[2]
- plugins: os-dyndns 1.17 removes OpenDNS and fixes DyNS
- plugins: os-haproxy 2.18[3]
- plugins: os-maltrail 1.1[4]
- plugins: os-nginx log rotation fix (contributed by Fabian Franz)
- plugins: os-postfix 1.10[5]
- plugins: os-smart 2.1 fixes widget status and adds NVMe disk support (contributed by irokinet and ATL)
- plugins: os-theme-cicada 1.19 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.19 (contributed by Team Rebellion)
- plugins: os-wireguard 1.1[6]
- src: fix incorrect exception handling in libunwind[7]
- src: fix multiple vulnerabilities in bzip2[8]
- src: fix ICMPv6 / MLDv2 out-of-bounds memory access[9]
- src: fix insufficient message length validation in bsnmp library[10]
- src: fix insufficient validation of guest-supplied data (e1000 device)[11]
- src: fix IPv6 remote denial of service[12]
- src: fix kernel memory disclosure from /dev/midistat[13]
- src: fix reference count overflow in mqueuefs[14]
- ports: hostapd 2.9[15]
- ports: nghttp2 1.39.2[16]
- ports: openldap 2.4.48[17]
- ports: perl 5.30.0[18]
- ports: php 7.2.21[19]
- ports: py-openssl 19.0.0[20]
- ports: syslog-ng 3.22.1[21]
- ports: wpa_supplicant 2.9[22]
OPNsense 19.7.2 Release Notes
- system: missing “” in legacy output via Syslog-ng
- system: fix writing gateway information for DNS servers
- system: allow gateway to work in DHCPv6 WAN when no router solicitation is available
- firewall: unhide automatic interface-based output rules
- firewall: unhide automatic non-interface-based floating rules
- firewall: lift length restriction in NAT rule description
- firewall: avoid newlines in rule descriptions
- firewall: only show usable addresses in NAT outbound rules
- interfaces: fix extended CARP output when parsing interface information
- interfaces: add more outputs to overview page to increase usefulness
- interfaces: use shared DHCP lease reader for ARP list
- captive portal: fix binary read issue in Python 3
- dhcp: fix DHCPv4 relay interface selection (contributed by jayantsahtoe)
- firmware: handle file signature verify correctly with multiple fingerprint repositories
- firmware: Aivian mirror is no longer active
- firmware: Cloudfence mirror in Brazil added
- plugins: os-acme-client 1.24[1]
- plugins: os-bind 1.6 (contributed by crazy-max)
- plugins: os-dnscrypt-proxy 1.5 (contributed by crazy-max)
- plugins: os-grid_example 1.0[2]
- plugins: os-helloworld Python 3 compatibility[3]
- plugins: os-nut 1.5 adds Riello driver (contributed by Michael Muenz)
- plugins: os-sunnyvalley 1.0[4][5]
- src: fix panic from Intel CPU vulnerability mitigation[6]
- src: fix multiple telnet client vulnerabilities[7]
- src: fix pts write-after-free[8]
- src: fix kernel memory disclosure in freebsd32_ioctl[9]
- src: fix reference count overflow in mqueuefs[10]
- src: fix bhyve out-of-bounds read in XHCI device[11]
- src: fix file descriptor reference count leak[12]
- ports: libevent 2.1.11[13]
OPNsense 19.7.1 Release Notes
- system: do not create automatic copies of existing gateways
- system: do not translate empty tunables descriptions
- system: remove unwanted form action tags
- system: do not include Syslog-ng in rc.freebsd handler
- system: fix manual system log stop/start/restart
- system: scoped IPv6 “%” could confuse mwexecf(), use plain mwexec() instead
- system: allow curl-based downloads to use both trusted and local authorities
- system: fix group privilege print and correctly redirect after edit
- system: use cached address list in referrer check
- system: fix Syslog-ng search stats
- firewall: HTML-escape dynamic entries to display aliases
- firewall: display correct IP version in automatic rules
- firewall: fix a warning while reading empty outbound rules configuration
- firewall: skip illegal log lines in live log
- interfaces: performance improvements for configurations with hundreds of interfaces
- reporting: performance improvements for Python 3 NetFlow aggregator rewrite
- dhcp: move advanced router advertisement options to correct config section
- ipsec: replace global array access with function to ensure side-effect free boot
- ipsec: change DPD action on start to “dpdaction = restart”
- ipsec: remove already default “dpdaction = none” if not set
- ipsec: use interface IP address in local ID when doing NAT before IPsec
- web proxy: fix database reset for Squid 4 by replacing use of ssl_crtd with security_file_certgen
- plugins: os-acme-client 1.24[1]
- plugins: os-bind 1.6[2]
- plugins: os-dnscrypt-proxy 1.5[3]
- plugins: os-frr now restricts characters BGP prefix-list and route-maps[4]
- plugins: os-google-cloud-sdk 1.0[5]
- ports: curl 7.65.3[6]
- ports: monit 5.26.0[7]
- ports: openssh 8.0p1[8]
- ports: php 7.2.20[9]
- ports: python 3.7.4[10]
- ports: sqlite 3.29.0[11]
- ports: squid 4.8[12]