Software-update: OPNsense 26.1.4

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben versie 26.1.4 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 26.1.4 released

This is basically a maintenance release in assorted areas, but also includes a CVE for the GUI for missing POST checks in the API. We thank everyone for reporting issues and testing the fixes with us to allow for easy and fast releases such as this one. The roadmap is almost ready to be published. Expect it later this week.

Here are the full patch notes:

system: store dashboard layout types based on column breakpointssystem: do not show snapshot notes in the gridsystem: use safe config iteration in admin settings pagereporting: use safe config iteration in RRD codeinterfaces: remove unused ip_in_interface_alias_subnet()interfaces: use safe config iteration in PPP edit pagefirewall: fix access to deleted filter node in advanced settingsfirewall: merge MVC NAT page templates into a single onefirewall: when repopulating the interface selectpicker, always restore current selection in new rules GUIfirewall: remove hardcoded colors where possible in new rules GUIfirewall: fix category colors in new rules GUIfirewall: merge read of groups and interfaces in new rules GUIfirewall: make MVC protocol selection match the old rules pagesfirewall: add model validations for common errors in destination NATfirewall: live view: allow regex use in "contains" casesfirewall: live view: fix SyntaxWarning in log reader backendfirewall: use safe iteration in old rule page for schedule lookupfirewall: use safe config iteration in outbound NAT pagefirmware: add aux repository supportipsec: use safe config iteration for VIP lookupkea: guard prefix watcher when no link-local address exists for a route that should be installedmonit: use safe config iteration in gateway alert scriptopenvpn: debounce learn-address calls to limit the number of alias updates to a minimumopenvpn: add validation for selecting username as CN without setting any authenticationunbound: split logic in update_blocklist() and simplify getPoliciesAction()unbound: move policy fetch to the controller and clean up accordinglybackend: remove unused examples throwing errors nowbackend: fix configd using a new temporary file for cached itemsmvc: ConfigMaintenance: when constructing class names use a safer way to strip .php extensionmvc: fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requestsmvc: move CertificateField, InterfaceField and ProtocolField to newer static option APIshell: improve config restore UX using diff and additional meta data displayui: remove two unused static PHP array definitionsui: Bootgrid: split row selection behavior into rowSelection booleanui: Bootgrid: force a lightweight redraw when columns are programmatically changedui: Bootgrid: fix curRowCount type conversion issue when stored in localStoragelang: various language updatesports: libxml 2.15.2ports: strongswan 6.0.4ports: syslog-ng 4.11.0

system: store dashboard layout types based on column breakpoints

system: do not show snapshot notes in the grid

system: use safe config iteration in admin settings page

reporting: use safe config iteration in RRD code

interfaces: remove unused ip_in_interface_alias_subnet()

interfaces: use safe config iteration in PPP edit page

firewall: fix access to deleted filter node in advanced settings

firewall: merge MVC NAT page templates into a single one

firewall: when repopulating the interface selectpicker, always restore current selection in new rules GUI

firewall: remove hardcoded colors where possible in new rules GUI

firewall: fix category colors in new rules GUI

firewall: merge read of groups and interfaces in new rules GUI

firewall: make MVC protocol selection match the old rules pages

firewall: add model validations for common errors in destination NAT

firewall: live view: allow regex use in "contains" cases

firewall: live view: fix SyntaxWarning in log reader backend

firewall: use safe iteration in old rule page for schedule lookup

firewall: use safe config iteration in outbound NAT page

firmware: add aux repository support

ipsec: use safe config iteration for VIP lookup

kea: guard prefix watcher when no link-local address exists for a route that should be installed

monit: use safe config iteration in gateway alert script

openvpn: debounce learn-address calls to limit the number of alias updates to a minimum

openvpn: add validation for selecting username as CN without setting any authentication

unbound: split logic in update_blocklist() and simplify getPoliciesAction()

unbound: move policy fetch to the controller and clean up accordingly

backend: remove unused examples throwing errors now

backend: fix configd using a new temporary file for cached items

mvc: ConfigMaintenance: when constructing class names use a safer way to strip .php extension

mvc: fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requests

mvc: move CertificateField, InterfaceField and ProtocolField to newer static option API

shell: improve config restore UX using diff and additional meta data display

ui: remove two unused static PHP array definitions

ui: Bootgrid: split row selection behavior into rowSelection boolean

ui: Bootgrid: force a lightweight redraw when columns are programmatically changed

ui: Bootgrid: fix curRowCount type conversion issue when stored in localStorage

lang: various language updates

ports: libxml 2.15.2

ports: strongswan 6.0.4

ports: syslog-ng 4.11.0

Source: Tweakers.net