Good morning from Europe,

The user experience of several pages has been improved. And this update is also shipping several FreeBSD-based changes for further reliability as well as core fixes and improvements as they came up on GitHub or the forum in the last weeks.

A word of caution for third party repository users. FreeBSD currently changes a number of things in their ecosystem. The first change is the move of the "openssl" package to "openssl111" since the former is now based on version 3. This can and likely will disrupt updates of third party packages not having followed this change. While we want to use OpenSSL 3 eventually being in the middle of a stable run is not the time and place to do it. Secondly, FreeBSD makes its port stop relying on ca_root_nss package trust store provided by Mozilla which introduces technical barriers for integration of our own trust store. This update changes curl to not use the old bundle files, but then also ensures that the base system will register all CA certificates brought in by our trust store as well. The biggest caveat at the moment is that this process is slower than before and may end up untrusting user CAs if they happen to be on the FreeBSD-provided untrusted list. During upgrades you will see when it writes the trust files and bundles and if any errors occur.

In both instances we feel nothing can be gained in postponing these changes so we are carrying them out swiftly after ensuring they do the right thing for our user base and voicing our reservations where it matters.

You can also find and follow us on Bluesky now:

https://bsky.app/profile/opnsense.org

Here are the full patch notes:

A hotfix release was issued as 23.7.7_1:

A hotfix release was issued as 23.7.7_3:


Stay safe,
Your OPNsense team