OPNsense 21.1.4 Bugfix Release

Das Update umfasst neben dem Update von Suricata 6.0.2 auch Verbesserungen im DHCP Static Mapping, dass nun besser mit IPv6 Präfix bei der Nutzung von Unbound und Dnsmasq Host Registrierung, umgeht. Es wurde weiterhin viel Entwicklung in die kommende Business Edition 21.4 gesteckt, die sich nun weiter von der Community Edition unterscheidet. So gibt es für die Businessedition weitere Plugins wie das central management tasks.

OPNsense 21.1.4 Release Notes

system: add assorted missing configuration sections for high availability sync
o system: restart web GUI with delay from services to prevent session disconnect
o system: improve error reporting in LDAP authentication (contributed by kulikov-a)
o system: changed USB serial option to use “on” instead of problematic “onifconsole”
o system: ignore garbled data in log lines
o system: fix single core activity display
o interfaces: immediately enable SLAAC during IPv6 initiation
o interfaces: fix a typo in the GIF setup code
o firewall: allow to select rules with no category set
o firewall: sort pfTable results before slice (contributed by kulikov-a)
o firewall: make categories work with numbers only (contributed kulikov-a)
o reporting: skip damaged NetFlow records
o dhcp: correct help text for IPv6 ranges (contributed by Team Rebellion)
o dhcp: remove obsolete subnet validation for static entries
o firmware: refine missing/invalid signature message during health check (contributed by Erik Inge Bolso)
o firmware: zap changelog remove description (contributed by Jacek Tomasiak)
o firmware: make status API endpoint synchronous when using POST
o openvpn: remove checks for NTP servers 3 and 4 (contributed by Christian Brueffer)
o unbound: Fix PTR records for DHCP endpoints (contributed by Gareth Owen)
o ui: use HTTPS everywhere (contributed by Robin Schneider)
o ui: bootgrid translation compatibility with Internet Explorer 11 (contributed by kulikov-a)
o plugins: add service annotations to supported plugins
o plugins: os-freeradius 1.9.10[2]
o plugins: os-haproxy 3.1[3]
o plugins: os-stunnel 1.0.3 adds client mode (contributed by Nicola Bonavita)
o plugins: os-telegraf 1.9.0[4]
o plugins: os-theme-cicada 1.28 (contributed by Team Rebellion)
o plugins: os-theme-tukan 1.25 (contributed by Team Rebellion)
o plugins: os-theme-vicuna 1.4 (contributed by Team Rebellion)
o plugins: os-wireguard 1.5[5]
o plugins: os-wol 2.4 fixes dashboard widget (contributed by kulikov-a)
o src: fix multiple OpenSSL vulnerabilities[6]
o ports: ca_root_nss / nss 3.63[7]
o ports: libressl 3.2.5[8]
o ports: openldap 2.4.58[9]
o ports: openssh fix for double free in ssh-agent[10]
o ports: openssl 1.1.1k[11]
o ports: sudo 1.9.6p1[12]
o ports: suricata 5.0.6[13]
o ports: syslog-ng 3.31.2[14]
o ports: wpa_supplicant p2p vulnerability[15]

Stay safe,
Your OPNsense team

[1] https://github.com/opnsense/core/commits/stable/21.4
[2] https://github.com/opnsense/plugins/blob/stable/21.1/net/freeradius/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/21.1/net/haproxy/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/telegraf/pkg-descr
[5] https://github.com/opnsense/plugins/blob/stable/21.1/net/wireguard/pkg-descr
[6] https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc
[7] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.63_release_notes
[8] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt
[9] https://www.openldap.org/software/release/changes.html
[10] https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
[11] https://www.openssl.org/news/openssl-1.1.1-notes.html
[12] https://www.sudo.ws/stable.html#1.9.6p1
[13] https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/
[14] https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.31.2
[15] https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.