diff --git a/source/releases/BE_23.4.rst b/source/releases/BE_23.4.rst index 51f81449..f00c339c 100644 --- a/source/releases/BE_23.4.rst +++ b/source/releases/BE_23.4.rst @@ -15,6 +15,136 @@ the images can be found below as well. https://downloads.opnsense.com/ +-------------------------------------------------------------------------- +23.4.1 (June 14, 2023) +-------------------------------------------------------------------------- + +This business release is based on the OPNsense 23.1.9 community version +with additional reliability improvements. + +Here are the full patch notes: + +* system: register DNS service ports for unified use across core and plugins +* system: serialize deferred requests for web GUI restart +* system: relocate API messages to backend log target as they currently end up in captive portal logs +* system: allow non-system group delete after faulty PHP 8 warning fix (contributed by kulikov-a) +* system: restructure routing to carry out default gateway switching and address family specific reconfig +* system: prevent PHP session garbage collection from running early (contributed by lin-xianming) +* system: finish simplifying plugins_run() +* system: calling return_down_gateways() depends on default gateway switch setting +* system: open new session if missing to prevent spurious CRSF errors in static pages +* system: add device hint to empty interface address message in case of mismatch during default route attempt +* system: add kernel messages to the general system log +* system: make sure routing log messages all use "ROUTING:" prefix +* system: print warning for duplicated gateway name +* system: prefix API key filename with FQDN of this host +* system: fix MVC service page with ID-based reload like OpenVPN +* system: fix issue with route add command for far gateway static route (contributed by Daniel Mason) +* system: improve static routes error handling +* system: fix a typo and align "attribute" use in gateway edit page +* system: pluginctl: service mode can now batch-reload services when existing ID is omitted +* system: do not delete dpinger PID file +* reporting: sort interfaces by description in health graphs +* reporting: fix incorrect interface index in NetFlow init (contributed by Nicolas Thumann) +* interfaces: ping diagnostic tool was rewritten using MVC/API +* interfaces: ensure single PPP netgraph node has the proper name +* interfaces: reject invalid self-assignments in VLAN parent +* interfaces: migrate trace route page to MVC/API +* interfaces: migrate port probe page to MVC/API +* interfaces: remove indirection in PPP ports handling +* interfaces: exclude a few cases from PPPoEv6 negotiation +* interfaces: deal with "prefixv6" as an array +* interfaces: improve address cleanup when handling VIP modifications +* interfaces: explicitly report current IP address during renewal avoidance +* interfaces: patch in appropriate rebind/renew DHCPv6 handling +* interfaces: for static "Use IPv4 connectivity" on PPPoE bring up IPv6 routes as well +* interfaces: ifctl: fix typo causing content to be printed while adding it +* interfaces: ifctl: avoid null route on fragile /64 prefix delegation +* interfaces: ifctl: do not flush name server routes +* interfaces: deal with RENEW and REBIND only reporting partial PDINFO +* firewall: allow to create aliases for logged-in OpenVPN users `[1] `__ +* firewall: leave out fractional seconds from timestamps in aliases +* firewall: add missing scrub rules in dependency check for alias use +* firewall: usability improvements and cleanups in scheduler pages (contributed by kuya1284) +* firewall: add "set debug" and "set keepcounters" options to advanced options +* firewall: simplify rule edit layout slightly and fix unused element ID +* dhcp: fix too many addresses issue in radvd RDNSS setting +* dhcp: restart radvd on config changes, otherwise keep SIGHUP +* dhcp: when cleaning up static leases do not remove entries where only a MAC address is set +* dhcp: provide run task "static_mapping" to avoid polluting unrelated plugins +* dhcp: remove ::/64 magic as it uses AdvRouterAddr yes +* dnsmasq: use new run task "static_mapping" to collect static mappings from DHCP +* firmware: now that we have a full data model do not overdo cleanup during plugin registration +* firmware: remove flavouring support from update tools +* firmware: update size requirements for major upgrades from command line +* firmware: embed build metadata into package annotations for use in runtime remote queries +* firmware: fix execution of version queries when not possible +* firmware: revoke 22.7 fingerprint +* firmware: show support tiers in plugin list +* intrusion detection: minor performance improvements when parsing metadata from rules +* ipsec: pull data for dashboard widget exclusively from backend +* ipsec: move XAuth out of "IKE Extensions" block +* ipsec: add connection child as option for manual SPDs +* ipsec: another small GUI fix for basic log option in advanced settings +* ipsec: support the default selector ([dynamic]) when local_ts or remote_ts are left empty in connections +* monit: fix "not on" validation +* openvpn: fix dashboard widget and add missing byte data to status call +* openvpn: fix two widget display issues +* openvpn: use CARP INIT state the same way as BACKUP state for client start/stop +* openvpn: enable deferred authentication (sponsored by m.a.x. it) +* openvpn: fix a warning by passing a desirable empty input containing a slash +* unbound: minor improvements to handle "Dot" endpoints ambiguity +* unbound: fix migration edge case in model version 1.0.3 +* unbound: remove DNS blocklist start syshook causing an unnecessary download during bootup +* unbound: when called via GET during override creation encode using URLSearchParams() +* web proxy: allow more signs for username and password (contributed by Bi0T1N) +* web proxy: syslog parsing cleanup +* wizard: do not end up duplicating WAN_GW entry +* backend: improved nested command support, reorganise action types, use ActionFactory to offer the requested type +* backend: add "getUtcTime" template helper function +* mvc: change Phalcon logging to omit type and date +* mvc: add CIDRToMask() to utilities +* mvc: prevent config restore when writer has flushed or partly written the file +* mvc: format BaseModel logger to avoid duplicate timestamps +* ui: prevent crashing out when endpoint does not return data for SimpleActionButton +* plugins: os-OPNBEcore minor fixes and additions +* plugins: os-OPNcentral minor fixes and additions +* plugins: os-acme-client 3.17 `[2] `__ +* plugins: os-bind 1.26 `[3] `__ +* plugins: os-crowdsec 1.0.5 `[4] `__ +* plugins: os-ddclient 1.13 `[5] `__ +* plugins: os-dnscrypt-proxy 1.13 `[6] `__ +* plugins: os-nginx 1.32 `[7] `__ +* plugins: os-smart fix for highlighting result (contributed by Justin Horton) +* plugins: os-stunnel fix for missing OpenSSL CRL functions +* plugins: os-upnp now allows subnet mask 0 in rules (contributed by Reiko Asakura) +* src: bridge: add support for emulated netmap mode `[8] `__ +* src: epair: also remove vlan metadata from mbufs +* src: ifconfig: fix configuring if_bridge with additional operating parameters +* src: netmap: fix queue stalls with generic interfaces `[9] `__ +* src: netmap: assorted upstream stable patches +* src: sched_ule: assorted fixes to address issues on newer AMD platforms +* src: axgbe: fix link issues for gigabit external SFP PHYs and 100/1000 fiber modules +* src: axgbe: apply RRC to miibus attached PHYs and add support for variable bitrate 25G SFP+ DACs +* src: axgbe: properly release resource in error case +* src: ifconfig: improve VLAN identifier parsing +* src: pfsync: hold b_mtx for callout_stop(pd_tmo) +* src: pf: remove pd_refs from pfsync +* src: pf: deal with KPI change bug on stable/13 by redirecting otherwise crashing traffic through ip6_output() +* ports: curl 8.1.1 `[10] `__ +* ports: dhcp6c 20230530 +* ports: ifinfo now also prints interface index (contributed by Nicolas Thumann) +* ports: libxml 2.10.4 `[11] `__ +* ports: lighttpd 1.4.71 `[12] `__ +* ports: nss 3.89.1 `[13] `__ +* ports: openssh 9.3p1 `[14] `__ +* ports: openvpn 2.6.4 `[15] `__ +* ports: php 8.1.19 `[16] `__ +* ports: sqlite 3.42.0 `[17] `__ +* ports: suricata 6.0.12 `[18] `__ +* ports: syslog-ng 4.2.0 `[19] `__ + + -------------------------------------------------------------------------- 23.4 (April 25, 2023) -------------------------------------------------------------------------- diff --git a/source/releases/CE_23.1.rst b/source/releases/CE_23.1.rst index a156eb70..2858dd98 100644 --- a/source/releases/CE_23.1.rst +++ b/source/releases/CE_23.1.rst @@ -45,7 +45,7 @@ to land in the next development version most likely for a sneak preview. Here are the full patch notes: -* system: fix MFC service page with ID-based reload like OpenVPN +* system: fix MVC service page with ID-based reload like OpenVPN * system: fix issue with route add command for far gateway static route (contributed by Daniel Mason) * system: improve static routes error handling * system: fix a typo and align "attribute" use in gateway edit page