Good morning,

Today the following CVEs are being addressed:

CVE-2021-3711, CVE-2021-3712, CVE-2021-23840, CVE-2021-23841

Please note that the Let's Encrypt client plugin is now called ACME client, since acme.sh version 3 supports multiple providers.

Apart from the usual batch of fixes, the work on RSS (receive side scaling) is progressing: the groundwork has already made it into the kernel, along with the libnetmap library, which allows better scaling in netmap mode. At this point, however, RSS is not yet enabled and there is no impact on existing setups. That will likely change with one of the next stable versions in this series.

Meanwhile, the work on the FreeBSD 13 migration in 22.1 is ongoing as well, so that it can be tested sooner rather than later. In this iteration we will take the time to look at shared forwarding edge cases, and we have already upstreamed a number of patches accumulated over the last couple of years to keep our code base light and tidy.

Here are the full patch notes:

A hotfix release was issued as 21.7.2_1:


Stay safe,
Your OPNsense team