Hi there,
For more than 6 and a half years, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you. <3
Here are the full patch notes:
- system: prevent use of client certificates in web GUI
- system: hide far gateway option for IPv6
- system: isvalidpid() is not required for a single killbypid()
- system: fix PHP 7.4 deprecated warning in IPv6 library
- system: do not split XMLRPC password into multiple pieces
- system: enable group sync for LDAP servers that do not return memberOf (contributed by rdd2)
- interfaces: deprecate SLAAC addresses on linkdown
- firewall: possibility to filter nat/rdr action in live log
- firewall: use permanent promiscuous mode for pflog0
- dhcp: assorted improvements surrounding dhcpd_staticmap() for real world operation
- firmware: static template for firmware upgrade message
- installer: assorted wording improvements
- shell: fix IPv4 /31 assignment
- unbound: add "unbound check" backend action
- unbound: allow to retain cache on service reload
- unbound: fix /var MFS dilemma for DNSBL after boot
- unbound: remove deprecated custom options setting
- rc: opnsense-beep melody database directory
- plugins: os-acme-client 2.6[1]
- plugins: os-freeradius 1.9.15[2]
- plugins: os-haproxy 3.4[3]
- plugins: os-nextcloud-backup 1.0
- plugins: os-nginx Phalcon 4 fixes
- plugins: os-radsecproxy 1.0 (contributed by Tobias Boehnert)
- plugins: os-tor Phalcon 4 fix
- plugins: os-zabbix-agent 1.9[4]
- src: separately log NAT and firewall rules in pf(4)
- src: libcasper: fix descriptors numbers[5]
- src: linux: prevent integer overflow in futex_requeue[6]
- ports: clog 1.0.2 fixes garbage header write on init
- ports: php 7.4.21[7]
- ports: suricata 5.0.7[8]
Known issues and limitations:
- NextCloud backup feature moved from core to plugins. Please reinstall if needed.
- IPsec identities are now set using their explicit type. See StrongSwan documentation[9] for the old automatic defaults.
- Unbound custom options setting has been discontinued. Local override directory /usr/local/etc/unbound.opnsense.d exists.
Please let us know about your experience!
Stay safe,
Your OPNsense team