Dear all, Today we are addressing CVE-2018-18958 regarding an unenforced “deny config write” privilege. The issue was reported by brainrecursion this Monday and subsequently fixed along with several related issues. The “deny config write” privilege coupled with admin or user and group manager rights are affected combinations. It is an uncommon way to configureaccess as […]
Read moreHello there, We are back for new features, updates and reliability fixes. Noteworthy are the addition of the PIE shaper option and firewall alias API. Both Unbound and Dnsmasq have been updated to their latest version. Here are the full patch notes: o firewall: resolve interface address “:0” for port forwarding in kernel o firewall: […]
Read moreHi folks, While the HardenedBSD 11.2 adoption is almost finished behind the scenes, this release merely revolves around minor corrections and additions that make your life easier. We are also confident that 18.7.6 finally ships the firewall alias API. Of worthy mention are also the IPsec phase 1 changes that allow multiple DH groups and […]
Read moreDear all, This update reboots into the latest and greatest Realtek driver version 1.95. Also included is a web proxy implementation of the WPAD protocol. Furthermore LibreSSL was moved from version 2.6 to 2.7. Originally planned was the release of the firewall alias API, but this will have to way a while longer. Thank you […]
Read moreHi there, Long-term IPv6 efforts continue in the form of further 6RD feature comfort and a few edge-case fixes in IPv6 interface selection. Please note there is a reboot necessary due to a security advisory amendment and errata patch. Progress was made on the importer that blocked further efforts in ZFS installation originally planned for […]
Read moreGood day folks, Lots of third party security updates, plugin updates and minor enhancements in overall system reliability. In other news the firewall alias API has been finished in the development version. If you use the development version you cannot go back to the production version until the API has been released there as well, […]
Read moreHi everyone, This is the first stable update and includes security updates for several third party software and FreeBSD. A Bind plugin was released with DNSBL support and the reported problems with the HAProxy plugin have been sorted out thanks to enthusiastic reporters and testers. Here are the full patch notes: o system: hide web […]
Read moreDear friends and followers, For 3 and a half years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing. Another 6 months passed by ever so […]
Read moreDear all, It is that time of the year again: this update is the last one in the 18.1 series and 18.7, nicknamed “Happy Hippo”, will be released next week! The transition will be seamless when heeding the upgrade notes to be published with the 18.7 images on July 31. All 18.7-RC users will be […]
Read moreWhat up! So far so good. Here is another batch of changes for the upcoming 18.7 release from assorted areas. Also included is the latest Suricata 4.0.5. We have bundled the firewall alias API progress under the hood, but it looks like we will miss our initial 18.7 target. Sorry about that. Though it should […]
Read more