changelogs
This commit is contained in:
parent
6f516cf23b
commit
5b694358f7
|
@ -16,6 +16,134 @@ the images can be found below as well.
|
|||
https://downloads.opnsense.com/
|
||||
|
||||
|
||||
--------------------------------------------------------------------------
|
||||
22.10.1 (February 01, 2023)
|
||||
--------------------------------------------------------------------------
|
||||
|
||||
This business release is based on the OPNsense 22.7.11 community version
|
||||
with additional reliability improvements.
|
||||
|
||||
Here are the full patch notes:
|
||||
|
||||
* system: fix getOID() call for phpseclib 3 while processing CSR
|
||||
* system: avoid error on installer user creation
|
||||
* system: show booting banner on dashboard
|
||||
* system: add statistics tree view containing vmstat memory characteristics
|
||||
* system: explicitly reopen main log file in case another log file was used and closed
|
||||
* system: tweak log_msg() to prepare log level adjustments migration away from log_error()
|
||||
* system: enforce config reload to fetch group membership in authentication tester
|
||||
* system: separate interface type icon from name column in interface widget
|
||||
* system: change system log default to "Notice"
|
||||
* system: UX tweaks on activity page
|
||||
* system: revised backend daemon startup delay
|
||||
* system: drop empty plugins_run() result
|
||||
* system: fix internal CRL check (contributed by kulikov-a)
|
||||
* system: add group (class) sync and user creation for RADIUS authentication
|
||||
* system: show and search ACL endpoints in privilege selector
|
||||
* system: replace a number of log_error() calls with log_msg() equivalent
|
||||
* system: improve SSH lockout behaviour
|
||||
* system: fix a few minor Coverity Scan reports in PHP and Python `[1] <https://scan.coverity.com/projects/opnsense-core>`__
|
||||
* interfaces: show attached interface for VLAN device in overview
|
||||
* interfaces: packet capture MVC/API replacement
|
||||
* interfaces: fix ARP table name resolve backend issue (contributed by soif)
|
||||
* interfaces: migrate main clearing of interface data to ifctl
|
||||
* interfaces: fix display of special HTML characters in packet capture
|
||||
* interfaces: retain existing PPP settings on saving interface settings
|
||||
* interfaces: delete the correct lock of PPP device
|
||||
* interfaces: fix variable use in interface_proxyarp_configure()
|
||||
* interfaces: use get_interface_list() to identify hardware devices
|
||||
* interfaces: fix single ACL use for MVC/API interface pages
|
||||
* firewall: off-by-one in regex for target port range parse
|
||||
* firewall: support Maxmind unclassified "EU" as selectable country
|
||||
* firewall: fix possible race condition when changing limit in live log
|
||||
* firewall: fix sorting bug in aliases list
|
||||
* firewall: allow the use of "dynamic" interface types in shaper, e.g. IPsec devices
|
||||
* firewall: wrap user rule registration in new function filter_core_rules_user()
|
||||
* firewall: simplify rule lookup by using filter_core_rules_user()
|
||||
* firewall: allow external dynamic address in NPT
|
||||
* firewall: remove extended VIP expansion from NAT rules
|
||||
* firewall: fix live view hostname lookup may result in HTTP 431 error
|
||||
* firewall: add category selection to aliases
|
||||
* firewall: sates page performance improvements and better address parsing in search
|
||||
* firewall: reuse "hostid" on filter reload events
|
||||
* firewall: show automated "port 0" rule as actual port "0" on PHP 8
|
||||
* reporting: fix incompatible regex syntax in FreeBSD 13.1 for firewall state health statistics
|
||||
* reporting: bail DNS resolve in traffic graphs when resolver is not configured
|
||||
* captive portal: for static MAC assignments make sure that the IP address actually changed before updating it
|
||||
* dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee)
|
||||
* firmware: always fetch the signature file to avoid signature issues after upgrades
|
||||
* firmware: use effective ABI in changelog fetch
|
||||
* firmware: ignore automatic business plugin and license hint
|
||||
* ipsec: missing return in controller
|
||||
* ipsec: remove side effect host route removal from Phase 1 page
|
||||
* ipsec: allow to search all phase 2 entries via API call
|
||||
* ipsec: default log should be set to "basic" but PHP 8 disagreed
|
||||
* openvpn: use ifctl in link up/down scripts
|
||||
* openvpn: remove unused "pool_enable" attribute
|
||||
* unbound: move the removal of pluggable files above the configuration check
|
||||
* unbound: remove 127/8 from private-address block when rebind protection is enabled
|
||||
* unbound: make the default private-address items configurable via the advanced page
|
||||
* unbound: fix possible error while opening DoT page
|
||||
* unbound: do not stop on potential errors in start script
|
||||
* unbound: rework DNSBL implementation to Python module
|
||||
* unbound: fix blocklist use with DNS64 mode (contributed by kulikov-a)
|
||||
* unbound: change working directory before checking configuration
|
||||
* unbound: introduce blocklist module changes for upcoming 23.1
|
||||
* unbound: fix log message blocklist item count (contributed by kulikov-a)
|
||||
* unbound: also change working dir for unbound-checkconf in start script (contributed by kulikov-a)
|
||||
* unbound: fix missing query_reply property leading to an AttributeError
|
||||
* unbound: safeguard retrieval of blocklist shortcode
|
||||
* web proxy: fix broken "Google GSuite restricted" option
|
||||
* backend: wait 1 second for configd socket to become available
|
||||
* backend: clean up scripts/systemheath location
|
||||
* backend: moved log format definitions to new location for core and several plugins
|
||||
* mvc: when multiple validation messages are returned wrap each message in a div tag
|
||||
* mvc: translate a base field error
|
||||
* mvc: change default sorting to case-insensitive
|
||||
* mvc: move JavaScript and CSS imports to base controller
|
||||
* mvc: make sure HostnameField with ZoneRootAllowed accepts "@." prefix
|
||||
* mvc: fix IntegerField minimum value (contributed by xbb)
|
||||
* rc: remove obsolete NAME_var_script and NAME_var_mfs support
|
||||
* ui: unicode content for tokenizer (contributed by kulikov-a)
|
||||
* plugins: migrate all plugins to NAME_setup script use
|
||||
* plugins: $verbose argument in plugins_run() is spurious
|
||||
* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__
|
||||
* plugins: os-apcupsd 1.1 `[3] <https://github.com/opnsense/plugins/blob/stable/22.7/sysutils/apcupsd/pkg-descr>`__
|
||||
* plugins: os-clamav 1.8 `[4] <https://github.com/opnsense/plugins/blob/stable/22.7/security/clamav/pkg-descr>`__
|
||||
* plugins: os-ddclient IPv6 parsing fix `[5] <https://github.com/opnsense/plugins/blob/stable/22.7/dns/ddclient/pkg-descr>`__
|
||||
* plugins: os-freeradius is no longer available for LibreSSL to allow updates of FreeRADIUS software
|
||||
* plugins: os-frr 1.31 `[6] <https://github.com/opnsense/plugins/blob/stable/22.7/net/frr/pkg-descr>`__
|
||||
* plugins: os-haproxy 3.12 `[7] <https://github.com/opnsense/plugins/blob/stable/22.7/net/haproxy/pkg-descr>`__
|
||||
* plugins: os-maltrail 1.10 `[8] <https://github.com/opnsense/plugins/blob/stable/22.7/security/maltrail/pkg-descr>`__
|
||||
* plugins: os-nginx 1.31 `[9] <https://github.com/opnsense/plugins/blob/stable/22.7/www/nginx/pkg-descr>`__
|
||||
* plugins: os-openconnect 1.4.3 `[10] <https://github.com/opnsense/plugins/blob/stable/22.7/security/openconnect/pkg-descr>`__
|
||||
* plugins: os-rfc2136 1.7 fixes key format issue with latest bind-tools update
|
||||
* plugins: os-stunnel fixes missing include in certificate script
|
||||
* plugins: os-telegraf 1.12.7 `[11] <https://github.com/opnsense/plugins/blob/stable/22.7/net-mgmt/telegraf/pkg-descr>`__
|
||||
* plugins: os-theme-cicada 1.31 (contributed by Team Rebellion)
|
||||
* plugins: os-theme-vicuna 1.43 (contributed by Team Rebellion)
|
||||
* plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp)
|
||||
* plugins: os-wireguard 1.13 `[12] <https://github.com/opnsense/plugins/blob/stable/22.7/net/wireguard/pkg-descr>`__
|
||||
* ports: curl 7.87.0 `[13] <https://curl.se/changes.html#7_87_0>`__
|
||||
* ports: dnsmasq 2.88 `[14] <https://www.thekelleys.org.uk/dnsmasq/CHANGELOG>`__
|
||||
* ports: expat 2.5.0 `[15] <https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes>`__
|
||||
* ports: krb5 1.20.1 `[16] <https://web.mit.edu/kerberos/krb5-1.20/>`__
|
||||
* ports: libxml 2.10.3 `[17] <http://www.xmlsoft.org/news.html>`__
|
||||
* ports: nss 3.87 `[18] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html>`__
|
||||
* ports: openssl 1.1.1s `[19] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__
|
||||
* ports: openvpn 2.5.8 `[20] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.8>`__
|
||||
* ports: pcre 10.42 `[21] <https://www.pcre.org/changelog.txt>`__
|
||||
* ports: phalcon 5.1.4 `[22] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.4>`__
|
||||
* ports: php 8.0.27 `[23] <https://www.php.net/ChangeLog-8.php#8.0.27>`__
|
||||
* ports: phpseclib 3.0.18 `[24] <https://github.com/phpseclib/phpseclib/releases/tag/3.0.18>`__
|
||||
* ports: python 3.9.16 `[25] <https://docs.python.org/release/3.9.16/whatsnew/changelog.html>`__
|
||||
* ports: sqlite 3.40.1 `[26] <https://sqlite.org/releaselog/3_40_1.html>`__
|
||||
* ports: strongswan 5.9.9 `[27] <https://github.com/strongswan/strongswan/releases/tag/5.9.9>`__
|
||||
* ports: suricata 6.0.9 `[28] <https://suricata.io/2022/11/29/suricata-6-0-9-released/>`__
|
||||
* ports: unbound 1.17.1 `[29] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1>`__
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------
|
||||
22.10 (October 26, 2022)
|
||||
--------------------------------------------------------------------------
|
||||
|
|
|
@ -57,7 +57,7 @@ Here are the full patch notes:
|
|||
* reporting: fix incompatible regex syntax in FreeBSD 13.1 for firewall state health statistics
|
||||
* unbound: safeguard retrieval of blocklist shortcode
|
||||
* mvc: fix IntegerField minimum value (contributed by xbb)
|
||||
* plugins: acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__
|
||||
* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr>`__
|
||||
* plugins: os-stunnel fixes missing include in certificate script
|
||||
* ports: curl 7.87.0 `[3] <https://curl.se/changes.html#7_87_0>`__
|
||||
* ports: nss 3.87 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html>`__
|
||||
|
@ -68,6 +68,10 @@ Here are the full patch notes:
|
|||
* ports: strongswan 5.9.9 `[9] <https://github.com/strongswan/strongswan/releases/tag/5.9.9>`__
|
||||
* ports: unbound 1.17.1 `[10] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1>`__
|
||||
|
||||
A hotfix release was issued as 22.7.11_1:
|
||||
|
||||
* firmware: enable upgrade path to 23.1 (OpenSSL only)
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------
|
||||
|
|
|
@ -133,6 +133,21 @@ Here are the full patch notes against 22.7.11:
|
|||
* ports: php 8.1.14 `[11] <https://www.php.net/ChangeLog-8.php#8.1.14>`__
|
||||
* ports: sudo 1.9.12p2 `[12] <https://www.sudo.ws/stable.html#1.9.12p2>`__
|
||||
|
||||
A hotfix release was issued as 23.1_6:
|
||||
|
||||
* system: incorrect link to CARP status page on dashboard widget
|
||||
* reporting: bail DNS resolve in traffic graphs when resolver is not configured
|
||||
* captive portal: for static MAC assignments make sure that the IP address actually changed before updating it
|
||||
* ipsec: missing a bracket for agressive mode selection
|
||||
* ipsec: mute a spurious boot warning
|
||||
* ipsec: myid may be be optional
|
||||
* plugins: os-bind fix plugin directory path
|
||||
* plugins: os-ddclient minor PHP fix
|
||||
* plugins: os-frr allow restart via cron
|
||||
* plugins: os-nut wrong user for latest port
|
||||
* plugins: os-upnp typo in log level
|
||||
* plugins: os-wireguard service widget fix
|
||||
|
||||
Migration notes, known issues and limitations:
|
||||
|
||||
* LibreSSL flavour has been discontinued. Switch to OpenSSL flavour to proceed with the upgrade.
|
||||
|
@ -275,7 +290,7 @@ Here are the full patch notes against 22.7.10:
|
|||
* mvc: add TextField tests (contributed by agh1467)
|
||||
* ui: assorted improvements in bootgrid and form controls
|
||||
* ui: switch to pure JSON data in bootgrids
|
||||
* plugins: acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr>`__
|
||||
* plugins: os-acme-client 3.15 `[2] <https://github.com/opnsense/plugins/blob/stable/23.1/security/acme-client/pkg-descr>`__
|
||||
* plugins: os-bind 1.25 `[3] <https://github.com/opnsense/plugins/blob/stable/23.1/dns/bind/pkg-descr>`__
|
||||
* plugins: os-ddclient 1.11 `[4] <https://github.com/opnsense/plugins/blob/stable/23.1/dns/ddclient/pkg-descr>`__
|
||||
* plugins: os-dyndns end of life note moves to 23.7
|
||||
|
|
Loading…
Reference in New Issue