From d62fcf684f921b50fb536b1bbaf883c9c5951e74 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 21 Mar 2023 16:57:03 +0100
Subject: [PATCH] changelogs

---
 source/CE_releases.rst      |  2 +-
 source/releases/CE_23.1.rst | 74 +++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/source/CE_releases.rst b/source/CE_releases.rst
index d2edb36b..aed4bf93 100644
--- a/source/CE_releases.rst
+++ b/source/CE_releases.rst
@@ -8,7 +8,7 @@ Community Edition
     :width: 600px
     :align: center
 
-As of January 2015 there have been *247* releases leading to the latest version *23.1.2*
+As of January 2015 there have been *249* releases leading to the latest version *23.1.4*
 named "Quintessential Quail".
 
 
diff --git a/source/releases/CE_23.1.rst b/source/releases/CE_23.1.rst
index d3760355..218853d1 100644
--- a/source/releases/CE_23.1.rst
+++ b/source/releases/CE_23.1.rst
@@ -29,6 +29,80 @@ can be found below as well.
 * Full mirror list: https://opnsense.org/download/
 
 
+--------------------------------------------------------------------------
+23.1.4 (March 21, 2023)
+--------------------------------------------------------------------------
+
+
+Another stable update to fix a StrongSwan regression and two OpenVPN
+incompatibilities introduced prior.  We have also improved the service
+handling code in multiple areas, fixed issues like the VIP migration
+problem with IP alias on a CARP VIP and improved/simplified the firmware
+settings now that cryptography flavours no longer exist.
+
+Here are the full patch notes:
+
+* system: address a number of web GUI startup problems
+* system: service handling refactor, tweaks and improvements
+* system: rework killbypid()/killbyname() behaviour
+* system: use system_resolver_configure() everywhere
+* reporting: simplify state collection for system-states.rrd
+* interfaces: fix an issue with a batch killbyname() in static ARP case
+* interfaces: make sure output buffering is disabled when downloading a packet capture
+* interfaces: lock gateway save button while the request is being processed
+* interfaces: fix IP alias with VHID validation issue
+* dhcp: several plumbing improvements in service handling
+* dnsmasq: remove now unused host configuration and refactor
+* firmware: responsiveness fix (contributed by kulikov-a)
+* firmware: move settings handling to full-fledged model
+* firmware: add advanced/help toggles, cancel button, subscription errors
+* monit: add permanent include statement for custom configuration files (contributed by codiflow)
+* openvpn: add ovpn_status.py script and configd action to fetch connected clients
+* openvpn: reintroduce "cipher" keyword for older clients
+* openvpn: add missing static-challenge parsing for auth framework introduced in 23.1.3
+* unbound: adhere to restart logic during hosts configure and wait for service to start
+* unbound: add infra-keep-probing advanced option
+* unbound: lowercase domain for case insensitive search in blocklists
+* mvc: fix PHP warnings and dance around null/0.0.0 ambiguity in migration code
+* plugins: os-api-backup 1.1 `[1] <https://github.com/opnsense/plugins/blob/stable/23.1/sysutils/api-backup/pkg-descr>`__ 
+* plugins: os-theme-cicada 1.34 (contributed by Team Rebellion)
+* plugins: os-theme-tukan 1.27 (contributed by Team Rebellion)
+* plugins: os-theme-vicuna 1.45 (contributed by Team Rebellion)
+* ports: curl 7.88.1 `[2] <https://curl.se/changes.html#7_88_1>`__ 
+* ports: nss 3.89 `[3] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html>`__ 
+* ports: php 8.1.17 `[4] <https://www.php.net/ChangeLog-8.php#8.1.17>`__ 
+* ports: py-vici 5.9.10
+* ports: squid 5.8 `[5] <http://www.squid-cache.org/Versions/v5/squid-5.8-RELEASENOTES.html>`__ 
+* ports: strongswan EAP-TLS upstream fix `[6] <https://github.com/opnsense/core/issues/6415>`__ 
+
+
+
+--------------------------------------------------------------------------
+23.1.3 (March 09, 2023)
+--------------------------------------------------------------------------
+
+
+This update was not planned as such, but an Sqlite compile change in FreeBSD
+ports required a clean rebuild so instead of a hotfix we are shipping this tiny
+stable update.
+
+Here are the full patch notes:
+
+* firewall: fix mismatch of options in new automatic listing of floating rules in interface rules
+* ipsec: "Allow any remote gateway to connect" should suffix all in order to connect to the other end
+* ipsec: store proper log values in advanced settings
+* ipsec: add a routing hook and execute it for all VTI devices during reconfiguration
+* ports: phpseclib 3.0.19 `[1] <https://github.com/phpseclib/phpseclib/releases/tag/3.0.19>`__ 
+* ports: sqlite backs out disabling DQS option which broke software on multiple ends
+* ports: sudo 1.9.13p3 `[2] <https://www.sudo.ws/stable.html#1.9.13p3>`__ 
+
+A hotfix release was issued as 23.1.3_4:
+
+* firewall: fix rule display of inverted aliases
+* firmware: add stub for previously removed -f option in opnsense-version
+
+
+
 --------------------------------------------------------------------------
 23.1.2 (March 07, 2023)
 --------------------------------------------------------------------------