Menü Schließen

OPNsense 20.7 Legendary Lion und Patch 20.7.1

OPNsense Logo

Die beliebte Open-Source Firewall, OPNsense, erhielt ende Juli das Update zur nächst größeren Version 20.7 “Legendary Lion”. Vor zwei Wochen veröffentlichten die Entwickler dann den ersten Patch der einige Sicherheitslücken schließt und Patches durchführt. Beide Updates benötigen mindestens einen Neustart.

OPNsense 20.7 bringt DHCPv6 multi-WAN, custom error pages für den Webproxy, Suricata 5, HardenedBSD 12.1, netstat tree view, Basic Firewall API Support (via plugin) und erweiterte Live Log Filter uvm.

OPNsense 20.7.1 Release Notes

system: split log process name into separate column
o system: filter new style log directories accordingly
o system: add delay to improve syslog-ng startup
o system: properly switch login page to latest jQuery 3.5.1
o firewall: add select boxes for static filters in live log
o firmware: ignore mandoc.db files in health output as the system will regenerate them weekly
o firmware: bring back Chinese Aivian mirror
o firmware: remove defunct and RageNetwork mirrors
o web proxy: add JSON output following Elastic Common Schema (sponsored by Incenter Technology)
o backend: cap log messages to 4000 characters to prevent longer messages from vanishing
o plugins: os-acme-client 1.35[1]
o plugins: os-frr 1.15[2]
o plugins: os-postfix 1.15[3]
o plugins: os-udpbroadcastrelay 1.0 (contributed by Team Rebellion)
o src: set the current VNET before calling netisr_dispatch() in ng_iface(4)
o src: assorted multicast group join/leave corrections
o src: fix vmx driver packet loss and degraded performance[4]
o src: fix memory corruption in USB network device driver[5]
o src: fix multiple vulnerabilities in sqlite3[6]
o src: fix sendmsg(2) privilege escalation[7]
o ports: perl 5.32.0[8]
o ports: squid 4.12[9]


OPNsense 20.7. Legendary Lion Release Notes

o system: syslog-ng RFC5424 on FreeBSD 12 needs flags(syslog-protocol)
o installer: welcome users as genuine 20.7 installer
o web proxy: do not try to force cachemanager access to use ICAP
o plugins: os-collectd 1.3[2]
o plugins: os-zabbix5-proxy 1.3[3]
o src: prevent netgraph page fault for LTE usage
o ports: dnsmasq 2.82[4]
o ports: monit 5.27.0[5]
o ports: nss 3.55[6]
o ports: sudo 1.9.2[7]

Known issues and limitations:

o legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp are longer available
o i386 architecture builds are no longer available


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert