OPNsense 24.7.1 Security und Bugfix Release

Die Community Edition der beliebten Open-Source Firewall OPNsense erhielt das Bugfix Release 24.7.1. Durch das Neudesign des Dashboardes gab es einige Rückmeldungen und Verbesserungen in diesem Release. Weiterhin wurden einige kleinere Bugfixes im Phalcon Modul durchgeführt, sowie im IPv6 Verhalten für SLAAC.

Weiterhin wurden Bugfixes in FreeBSD 14.1 inklusive Sicherheitsanpassungen durchgeführt.

OPNsense 24.7.1 Release Notes

• system: guard destroy on traffic widget
• system: adjust address display in interfaces widget
• system: fix display of multiple sources in thermal sensor widget
• system: add load average back to system info widget
• system: remove dots from traffic widget graphs
• system: add publication date to announcement widget
• system: fix monit widget status code handling
• system: allow and persist vertical resize in widgets
• system: improve formatting of byte values in widgets
• system: update OpenVPN widget server status color
• system: add aggregated traffic information about connected children in IPsec widget
• system: remove animated transition from row hover for table widgets
• system: improve the styling of the widget lock button
• system: apply locked state to newly added widgets as well
• system: account for removal of rows in non-rotated widget tables with top headers
• system: use „importmap“ to force cache safe imports of base classes for widgets
• system: allow custom fonts in the widgets with gauges (contributed by Jaka Prasnika)
• system: add monitor IP to gateway API result (contributed by Herman Bonnes)
• system: better define „in use“ flag and safety guards in certificates section
• system: export p12 resulted in mangled binary blob in certificates section
• system: when using debug kernels prevent them from triggering unrelated panics on assertions
• system: switch Twitter to Reddit URL in message of the day
• system: fix API exception on empty CA selection
• system: skip tentative IPv6 addresses for binding in the web GUI (contributed by tionu)
• interfaces: avoid deprecating SLAAC address for now
• firewall: show inspect button on „xs“ size screen
• firewall: fix parsing port alias names in /etc/services
• captive portal: fix client disconnect (contributed by Vivek Panchal)
• firmware: revoke old fingerprints
• ipsec: add aggregated traffic totals to phase 1 view
• kea-dhcp: ignore invalid hostnames in static mappings to prevent DNS services crashes
• openvpn: use new trust model to link users by common_name in exporter
• openvpn: DCO mode only supports UDP on FreeBSD
• openvpn: add „float“ option to instances (contributed by Christian Kohlstedde)
• backend: patch -6 address support into pluginctl
• mvc: fix API endpoint sending data without giving the Response object the chance to flush its headers
• plugins: os-acme-client 4.5[1]
• plugins: os-apcupsd 1.2[2]
• plugins: os-caddy 1.6.2[3]
• plugins: os-ddclient 1.23[4]
• plugins: os-theme-rebellion 1.9.1 fixes more compatibility issues with new dashboard (contributed by Team Rebellion)
• src: pf incorrectly matches different ICMPv6 states in the state table[5]
• src: ktrace(2) fails to detach when executing a setuid binary[6]
• src: NFS client accepts file names containing path separators[7]
• src: xen/netfront: Decouple XENNET tags from mbuf lifetimes
• src: dummynet: fix fq_pie traffic stall
• src: mcast: fix leaked igmp packets on multicast cleanup
• src: wg: change dhost to something other than a broadcast address (contributed by Sunny Valley Networks)
• ports: curl 8.9.1[8]
• ports: dhcrelay 0.6[9]
• ports: kea 2.6.1[10]
• ports: nss 3.102[11]
• ports: php 8.2.22[12]
• ports: rrdtool 1.9.0[13]

ports: syslog-ng 4.8.0[14]