From 37594abbc285af20d73ee685ad71d871ff6534a8 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Sat, 3 Feb 2024 08:16:22 +0100 Subject: [PATCH] changelogs --- source/releases/BE_23.10.rst | 88 ++++++++++++++++++++++++++++++++++++ source/releases/CE_23.7.rst | 6 +-- source/releases/CE_24.1.rst | 4 ++ 3 files changed, 95 insertions(+), 3 deletions(-) diff --git a/source/releases/BE_23.10.rst b/source/releases/BE_23.10.rst index d01e62b7..1f74f17c 100644 --- a/source/releases/BE_23.10.rst +++ b/source/releases/BE_23.10.rst 
@@ -16,6 +16,94 @@ the images can be found below as well. https://downloads.opnsense.com/ +-------------------------------------------------------------------------- +23.10.2 (February 02, 2024) +-------------------------------------------------------------------------- + +This business release is based on the OPNsense 23.7.12 community version +with additional reliability improvements. + +Here are the full patch notes: + +* system: add an optional random delay before executing remote backups +* system: fix regression in log viewer level selector +* system: implement relevant certctl tool functionality in Python to increase performance +* system: fix log severity selector (contributed by kulikov-a) +* system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker) +* system: update cron and gateways model +* system: change ZFS transaction group defaults to avoid excessive disk wear `[1] `__ +* system: handle case insensitivity while reading groups +* system: shuffle authentication templates to the end of login configuration +* system: add "maxfilesize" option to enforce a log rotate when files exceed their limit +* reporting: OpenVPN server instances were missing from respective health graph +* reporting: assorted tweaks for the firmware upgrade script handling Unbound DNS database migration +* interfaces: add new backend jobs and extend with optional parameter +* interfaces: obey menu group sequence when specified +* firewall: improve alias write behaviour by checking for changes beforehand +* firewall: fix preg_replace() to avoid truncated network display in rules listing +* firewall: validate if GeoIP and BGP ASN targets contain at least 1 kb of data before assuming timestamp is correct +* firewall: align GeoIP file check with documentation +* firewall: add an ifconfig.debug file +* captive portal: fix integer validation in vouchers +* dhcp: cache backend action "interface list macdb" to increase responsiveness +* 
dhcp: allow saving with invalid range when IPv4 server is disabled +* dhcp: do not clobber $range_to / $range_from with the legacy test for lower 64 bit only input +* dhcp: improve the parsing code of IPv6 leases +* firmware: switch bogons/changelog set base URL to portable "opnsense-update -X" call +* firmware: opnsense-update: avoid rewriting .cshrc and .profile files on base set updates +* firmware: add audit messages for relevant API actions +* firmware: implement "always reboot" option +* firmware: add unlocked mode to launcher script +* firmware: use pluggable package repository scripts +* firmware: automatically install os-squid plugin install when web proxy is enabled before major upgrade +* firmware: refactor export and scrub Unbound DNS database before major upgrade +* firmware: disallow TLS lower than 1.3 on business mirror +* intrusion detection: show rule origin in rule adjustments grid +* ipsec: add support for RADIUS class groups in instances +* ipsec: extend connection proposals tooltip to children and fix tooltip style issue +* lang: assorted language updates +* network time: prevent the service from listening on a wildcard when selecting specific interfaces (contributed by doktornotor) +* openvpn: add virtual IPv6 address to widget and status page (contributed by cs-1) +* openvpn: consider clients missing CARP VHID as disabled +* openvpn: add validation for netmask greater than 29 exactly as specified in the OpenVPN source code +* openvpn: add workaround for net30/p2p smaller than /29 networks +* unbound: use tls-system-cert instead of tls-cert-bundle +* unbound: replace JustDomains with Firebog blocklists (contributed by Amy Nagle) +* unbound: update root hints +* backend: support streaming output using the "stream_output" handler +* backend: implement optional trust model and add extended logging +* backend: support optional configd configuration files +* backend: only parse stream results when configd socket could be opened +* mvc: add an 
IPPortField type +* mvc: split configdRun() in order to return a resource which the controller can stream with minimal memory consumption +* ui: fix the missing dialog padding in some modals +* ui: set a default data-size for increased readability in selectpickers +* ui: show tooltip when grid td content does not fit +* ui: add double click event to tree view to render a grid dialog +* ui: upgrade jqTree to version 1.7.5 +* plugins: os-OPNBEcore 1.3 adds "any interface" floating rule support +* plugins: os-OPNcentral 1.9 adds "any interface" floating rule support and fixes memory consumption with downloads +* plugins: os-acme-client 3.20 `[2] `__ +* plugins: os-bind 1.29 `[3] `__ +* plugins: os-ddclient 1.20 `[4] `__ +* plugins: os-dec-hw 1.0 is a Deciso hardware specific dashboard widget +* plugins: os-frr 1.38 `[5] `__ +* plugins: os-node_exporter 1.2 `[6] `__ +* plugins: os-sunnyvalley 1.4 switches to new repository layout +* plugins: os-telegraf 1.12.10 `[7] `__ +* plugins: os-upnp now reloads on newwanip event +* plugins: os-wireguard 2.6 `[8] `__ +* ports: curl 8.5.0 `[9] `__ +* ports: nss 3.95 `[10] `__ +* ports: perl 5.36.3 `[11] `__ +* ports: php 8.2.14 `[12] `__ +* ports: phpseclib 3.0.34 `[13] `__ +* ports: py-netaddr 0.10.1 `[14] `__ +* ports: squid 6.6 `[15] `__ +* ports: sudo 1.9.15p5 `[16] `__ + + + -------------------------------------------------------------------------- 23.10.1 (December 13, 2023) -------------------------------------------------------------------------- diff --git a/source/releases/CE_23.7.rst b/source/releases/CE_23.7.rst index b5b77e7b..4bcb0010 100644 --- a/source/releases/CE_23.7.rst +++ b/source/releases/CE_23.7.rst 
@@ -63,11 +63,11 @@ Here are the full patch notes: * ui: show tooltip when grid td content does not fit * plugins: os-bind 1.29 `[2] `__ * plugins: os-ddclient 1.20 `[3] `__ -* plugins: os-frr 1.38[4 +* plugins: os-frr 1.38 `[4] `__ * plugins: os-node_exporter 1.2 `[5] `__ * plugins: os-sunnyvalley 1.4 switches to new repository layout -* ports: py-netaddr 0.10.1 -* ports: sudo 1.9.15p5 +* ports: py-netaddr 0.10.1 `[6] `__ +* ports: sudo 1.9.15p5 `[7] `__ A hotfix release was issued as 23.7.12_5: diff --git a/source/releases/CE_24.1.rst b/source/releases/CE_24.1.rst index b2ab7b02..7047d624 100644 --- a/source/releases/CE_24.1.rst +++ b/source/releases/CE_24.1.rst @@ -136,6 +136,10 @@ Here are the full patch notes against 23.7.12: * ports: sqlite 3.45.0 `[8] `__ * ports: suricata 7.0.2 `[9] `__ +A hotfix release was issued as 24.1_1: + +* ports: revert back to suricata 6.0.15 for the time being + Migration notes, known issues and limitations: * Audits and certifications are requiring us to restrict system accounts for non-administrators (without wheel group in particular). It will no longer be able to use non-adminstrator accounts with shell access and permissions for sensitive files have been tightened to not be world-readable. This may cause custom tooling to stop working, but can easily be fixed by giving these required accounts the full administration rights.
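
Review bot: In the source/releases/BE_23.10.rst hunk, the firmware entry "automatically install os-squid plugin install when web proxy is enabled before major upgrade" repeats the word "install"; drop the second one. In the same list, "system: fix regression in log viewer level selector" and "system: fix log severity selector (contributed by kulikov-a)" read like one fix listed twice; merge them, or reword them so the difference is visible. The entry "firmware: disallow TLS lower than 1.3 on business mirror" is the one item here that can stop updates for installations whose path to the mirror only negotiates older TLS versions, so a short clause saying where the limit is enforced would help operators plan the update.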
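
Review bot: In the source/releases/CE_24.1.rst hunk, the new hotfix entry "ports: revert back to suricata 6.0.15 for the time being" gives no reason for the downgrade, while the patch notes directly above it still list "ports: suricata 7.0.2". Add a short reason or a reference to the tracking issue, and make clear that 24.1_1 ships 6.0.15 rather than 7.0.2, so anyone running intrusion detection knows which engine version their rules are evaluated against after the hotfix. "revert back" is also redundant; "revert to suricata 6.0.15" is enough.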