A hotfix release was issued as 24.10_1:

o firmware: fix timeout in update CRL fetcher

The OPNsense business edition transitions to this 24.10 release including
ZFS snapshot support via GUI/API, rewritten dashboard, system trust MVC/API
support, GRE and GIF MVC/API support, NAT 1-to-1 MVC/API support, WireGuard
QR code generator, dynamic...

Hello there!

A few security and reliability issues this week.  Most notably Suricata
and Unbound.  The dashboard rework seems to be concluded now as the
ACL behaviour was now aligned and should match the user expectation on
the "Lobby" section privileg...

A hotfix release was issued as 24.7.5_3:

o system: due to observed timing issues avoid the use of closelog()
o openvpn: fix "auth-gen-token" being supplied in server mode

A good day to you all,

This release removes significant processing overhead from larger setups
due to being able to coalesce parallel configuration requests for the same
component instead of iterating over the list of selected interfaces one
by one.  A...

This business release is based on the OPNsense 24.4.2 business version
with additional reliability improvements.

Here are the full patch notes:

o system: add snapshots (boot environments) support via MVC/API (contributed by Sheridan Computers)
o system...

A hotfix release was issued as 24.7.4_1:

o interfaces: fix PPP regression of empty gateway default

Hey,

Since we are currently having a vivid discussion about what constitutes
a downstream or upstream issue in the FreeBSD scope we will revert the
FreeBSD-SA-24:05.pf advisory until further notice.  As confirmed by many
users this brings ICMPv6 and th...

A hotfix release was issued as 24.7.3_1:

o intrusion detection: fix indent in suricata.yaml

Dear all,

Today we are switching pf stateful tracking of ICMPv6 neighbour discoveries
off in order to fix the previous instability with the FreeBSD security
advisory first shipped in 24.7.1.  We do this in order to provide the same
reliable IPv6 functi...