Software-update: OPNsense 26.1.1

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben versie 26.1.1 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 26.1.1 released

This ships OpenSSL and Python security updates as well as address a number of shortcomings of the initial 26.1 and community-infused improvements of the new rules GUI which we would not have dreamed of to get this quickly. We are very happy with the current state of the new rules GUI and all the discussions we have had on how it can be further improved. It is just the beginning. A roadmap for 26.7 will be in the works later this month.

Looking back 11 years it appears that the best hopes we had for the project back then have all come true. It took lot longer than expected but we got there together with you, our beloved community. It will only take a bit more work now to achieve MVC/API support for all core components and remove root access from the web GUI. And we hope that you will be up for it in the coming years as well. Images will likely be reissued based on this release, but it is not an immediate priority. Upgrade paths from 25.7 will also be updated in the near future to ensure the best possible upgrade experience.

Here are the full patch notes:

interfaces: fix WLAN creation when $mode is emptyinterfaces: fix interface settings save with disabled ISC DHCPv6 serverinterfaces: add optional interval input to pingfirewall: fix rule anchor rendering for pluginsfirewall: prevent autocomplete in alias auth passwordfirewall: validate UUID on rules migration importfirewall: fix overload table setting being written as UUID into pf.conf in new rules GUIfirewall: local-port field in destination NAT does not support range and well-known namefirewall: change toggle_log icon to help visibility in new rules GUIfirewall: add missing schedules support for new rules GUIfirewall: make statistics column responsive for new rules GUIfirewall: add link to states and put it first in list in new rules GUIfirewall: add "any" interface filter option and make it the defaultreporting: render RRD integer as string in command invokednsmasq: compare leases case insensitivefirmware: opnsense-code: allow -r to specify the release branch for core/pluginsfirmware: opnsense-patch: when patching make no backupsfirmware: opnsense-update: batch use of -g and -G optionskea: add several missing validationskea: use hostwatch as source for prefix watcheropenssh: style update for config generationradvd: correctly verify constructor interface if usedlang: added Persian as a new language and a few updates/fixes in existing translationsinstaller: ufs: flush the disk to avoid spurious partitioning errorsmvc: support verbose logging in run_migrations.phpmvc: shield exec_safe() against fatal type errorsmvc: mark exported CSV as content safe to disable escapingmvc: ArrayField: support throwing exceptions in importRecordSet()mvc: fix class names of ManualSpdController and VxlanControllermvc: BaseModel: create missing nodes in legacy mapperui: bootgrid: allow multi word tooltips (contributed by Matthias Kaduk)ui: bootgrid: introduce toggle-selected commandui: bootgrid: searchable column selectorsui: move refresh of selectpicker types into setFormData() and improve type detectionplugins: os-acme-client 4.13plugins: os-ddclient 1.30plugins: os-freeradius 1.10.1plugins: os-tayga 1.4plugins: os-tinc 1.8 adds disable subnet routes option (contributed by Thojo0)src: fix multiple vulnerabilities in OpenSSLsrc: jail escape by a privileged user via nullfssrc: arm64 SVE signal context misalignmentsrc: page fault handler fails to zero memoryports: dnsmasq 2.92ports: libxml 2.15.1ports: openssl 3.0.19ports: phalcon 5.10.0ports: php 8.3.30ports: phpseclib 3.0.49ports: python security fixes

interfaces: fix WLAN creation when $mode is empty

interfaces: fix interface settings save with disabled ISC DHCPv6 server

interfaces: add optional interval input to ping

firewall: fix rule anchor rendering for plugins

firewall: prevent autocomplete in alias auth password

firewall: validate UUID on rules migration import

firewall: fix overload table setting being written as UUID into pf.conf in new rules GUI

firewall: local-port field in destination NAT does not support range and well-known name

firewall: change toggle_log icon to help visibility in new rules GUI

firewall: add missing schedules support for new rules GUI

firewall: make statistics column responsive for new rules GUI

firewall: add link to states and put it first in list in new rules GUI

firewall: add "any" interface filter option and make it the default

reporting: render RRD integer as string in command invoke

dnsmasq: compare leases case insensitive

firmware: opnsense-code: allow -r to specify the release branch for core/plugins

firmware: opnsense-patch: when patching make no backups

firmware: opnsense-update: batch use of -g and -G options

kea: add several missing validations

kea: use hostwatch as source for prefix watcher

openssh: style update for config generation

radvd: correctly verify constructor interface if used

lang: added Persian as a new language and a few updates/fixes in existing translations

installer: ufs: flush the disk to avoid spurious partitioning errors

mvc: support verbose logging in run_migrations.php

mvc: shield exec_safe() against fatal type errors

mvc: mark exported CSV as content safe to disable escaping

mvc: ArrayField: support throwing exceptions in importRecordSet()

mvc: fix class names of ManualSpdController and VxlanController

mvc: BaseModel: create missing nodes in legacy mapper

ui: bootgrid: allow multi word tooltips (contributed by Matthias Kaduk)

ui: bootgrid: introduce toggle-selected command

ui: bootgrid: searchable column selectors

ui: move refresh of selectpicker types into setFormData() and improve type detection

plugins: os-acme-client 4.13

plugins: os-ddclient 1.30

plugins: os-freeradius 1.10.1

plugins: os-tayga 1.4

plugins: os-tinc 1.8 adds disable subnet routes option (contributed by Thojo0)

src: fix multiple vulnerabilities in OpenSSL

src: jail escape by a privileged user via nullfs

src: arm64 SVE signal context misalignment

src: page fault handler fails to zero memory

ports: dnsmasq 2.92

ports: libxml 2.15.1

ports: openssl 3.0.19

ports: phalcon 5.10.0

ports: php 8.3.30

ports: phpseclib 3.0.49

ports: python security fixes

Source: Tweakers.net