diff --git a/source/CE_releases.rst b/source/CE_releases.rst index 4b91b5cd..7d7aeb21 100644 --- a/source/CE_releases.rst +++ b/source/CE_releases.rst @@ -8,7 +8,7 @@ Community Edition :width: 600px :align: center -As of January 2015 there have been *237* releases leading to the latest version *22.7.6* +As of January 2015 there have been *239* releases leading to the latest version *22.7.8* named "Powerful Panther". diff --git a/source/releases/CE_18.7.rst b/source/releases/CE_18.7.rst index 8a4bcc52..06c69f8c 100644 --- a/source/releases/CE_18.7.rst +++ b/source/releases/CE_18.7.rst @@ -167,7 +167,7 @@ A hotfix release was issued as 18.7.10_4: To keep it snappy: enclosed are assorted updates and fixes, a new dnscrypt-proxy plugin as well as security updates from FreeBSD and -third parties. Happy patchday! +third parties. Happy patch day! Here are the full patch notes: diff --git a/source/releases/CE_22.7.rst b/source/releases/CE_22.7.rst index 26b3f097..46c227c5 100644 --- a/source/releases/CE_22.7.rst +++ b/source/releases/CE_22.7.rst @@ -34,6 +34,141 @@ can be found below as well. * Full mirror list: https://opnsense.org/download/ +-------------------------------------------------------------------------- +22.7.8 (November 17, 2022) +-------------------------------------------------------------------------- + + +This is a small maintenance and security update. You will notice that +LibreSSL no longer works with FreeRADIUS software due to hiding library +internals that are used by the software. Your current install will +continue to work, but we would recommend switching to OpenSSL to receive +FreeRADIUS updates as they become available. + +Also, the infamous log_error() message is being phased out in the development +version to end the questions of "Why is this log message an error?" and so +with log_msg() each log line receives a more appropriate log level between +error, warning and notice. + +Here are the full patch notes: + +* system: add statistics tree view containing vmstat memory characteristics +* system: explicitly reopen main log file in case another log file was used and closed +* system: tweak log_msg() to prepare log level adjustments migration away from log_error() +* system: enforce config reload to fetch group membership in authentication tester +* system: separate interface type icon from name column in interface widget +* system: change system log default to "Notice" +* system: UX tweaks on activity page +* system: revised backend daemon startup delay +* system: drop empty plugins_run() result +* interfaces: migrate main clearing of interface data to ifctl +* interfaces: fix display of special HTML characters in packet capture +* interfaces: retain existing PPP settings on saving interface settings +* interfaces: delete the correct lock of PPP device +* interfaces: fix variable use in interface_proxyarp_configure() +* firewall: wrap user rule registration in new function filter_core_rules_user() +* firewall: simplify rule lookup by using filter_core_rules_user() +* firewall: allow external dynamic address in NPT +* firewall: remove extended VIP expansion from NAT rules +* firewall: fix live view hostname lookup may result in HTTP 431 error +* ipsec: remove side effect host route removal from Phase 1 page +* unbound: do not stop on potential errors in start script +* plugins: os-freeradius is no longer available for LibreSSL to allow updates of FreeRADIUS software +* plugins: os-nginx 1.31 `[1] `__ +* plugins: os-wireguard now skips invalid peers for dashboard widget (contributed by jkellerer) +* ports: expat 2.5.0 `[2] `__ +* ports: krb5 1.20.1 `[3] `__ +* ports: nss 3.85 `[4] `__ +* ports: phalcon 5.1.1 `[5] `__ +* ports: sudo 1.9.12p1 `[6] `__ + + + +-------------------------------------------------------------------------- +22.7.7 (November 03, 2022) +-------------------------------------------------------------------------- + + +We replaced the packet capture tool with a MVC/API rewrite and +updated most plugins to use the new setup script facility when +doing a start/restart/reload through the RC system. + +A number of FreeBSD kernel improvements have been included as well. + +Although OpenSSL is being updated keep in mind that the current +popular vulnerability only exists in version 3 and we still use +1.1.1. + +Here are the full patch notes: + +* system: fix getOID() call for phpseclib 3 while processing CSR +* system: avoid error on installer user creation +* system: show booting banner on dashboard +* interfaces: show attached interface for VLAN device in overview +* interfaces: packet capture MVC/API replacement +* interfaces: fix ARP table name resolve backend issue (contributed by soif) +* firewall: off-by-one in regex for target port range parse +* firewall: support Maxmind unclassified "EU" as selectable country +* firewall: fix possible race condition when changing limit in live log +* firewall: fix sorting bug in aliases list +* firewall: allow the use of "dynamic" interface types in shaper, e.g. IPsec devices +* dnsmasq: remove expired root trust anchor (contributed by Johnny S. Lee) +* firmware: always fetch the signature file to avoid signature issues after upgrades +* firmware: use effective ABI in changelog fetch +* firmware: ignore automatic business plugin and license hint +* intrusion detection: missing OPNsense categories +* ipsec: missing return in controller +* openvpn: use ifctl in link up/down scripts +* unbound: move the removal of pluggable files above the configuration check +* unbound: remove 127/8 from private-address block when rebind protection is enabled +* unbound: make the default private-address items configurable via the advanced page +* unbound: fix possible error while opening DoT page +* mvc: when multiple validation messages are returned wrap each message in a div tag +* mvc: prevent UserExceptions to end up in the crash reporter +* mvc: translate a base field error +* backend: wait 1 second for configd socket to become available +* console: store UUID for VLAN device +* rc: remove obsolete NAME_var_script and NAME_var_mfs support +* plugins: migrate all plugins to NAME_setup script use +* plugins: $verbose argument in plugins_run() is spurious +* plugins: os-acme-client 3.14 `[1] `__ +* plugins: os-apcupsd 1.1 `[2] `__ +* plugins: os-frr 1.31 `[3] `__ +* plugins: os-haproxy 3.12 `[4] `__ +* plugins: os-maltrail 1.10 `[5] `__ +* plugins: os-openconnect 1.4.3 `[6] `__ +* plugins: os-telegraf 1.12.6 `[7] `__ +* plugins: os-tor 1.9 enables hardware acceleration (contributed by haarp) +* plugins: os-wireguard 1.13 `[8] `__ +* src: revert "e1000: try auto-negotiation for fixed 100 or 10 configuration" +* src: vxlan: check the size of data available in mbuf before using them +* src: vm_page: fix a logic error in the handling of PQ_ACTIVE operations `[9] `__ +* src: cam: provide compatibility for CAMGETPASSTHRU for periph drivers `[10] `__ +* src: loader: fix elf lookup_symbol type filtering `[11] `__ +* src: zfs: fix a pair of bugs in zfs_fhtovp() `[12] `__ +* src: zfs: fix use-after-free in btree code `[13] `__ +* src: tcp: finish SACK loss recovery on sudden lack of SACK blocks `[14] `__ +* src: igc: remove unnecessary PHY ID checks +* src: ixl: add support for I710 devices and remove non-inclusive language +* src: ixl: fix SR-IOV panics +* src: rc: run NAME_setup before RC_ARG_precmd +* src: u3g: add more USB IDs +* ports: libxml 2.10.3 `[15] `__ +* ports: nss 3.84 `[16] `__ +* ports: openssl 1.1.1s `[17] `__ +* ports: openvpn 2.5.8 `[18] `__ +* ports: phalcon 5.1.0 `[19] `__ +* ports: php 8.0.25 `[20] `__ +* ports: python 3.9.15 `[21] `__ +* ports: sudo 1.9.12 `[22] `__ +* ports: unbound 1.17.0 `[23] `__ + +A hotfix release was issued as 22.7.7_1: + +* openvpn: ifctl requires interface to operate + + + -------------------------------------------------------------------------- 22.7.6 (October 12, 2022) --------------------------------------------------------------------------