Re: OPNsense 26.4 business edition released

Fri, 01 May 2026 09:31:25 GMT

A hotfix release was issued as 26.4_6:

o system: protect popen() with exec_safe()[34]
o system: lockout bypass fix[35] (contributed by Konstantinos Spartalis)
o system: allow gateway load balance weights from 1 to 10 for more flexibility (contributed b...

Read more

Re: OPNsense 26.1.7 released

Thu, 30 Apr 2026 20:14:44 GMT

A hotfix release was issued as 26.1.7_1:

o system: fix missing newline when generating cron jobs due to a regression

Read more

OPNsense 26.1.7 released

Thu, 30 Apr 2026 13:26:01 GMT

That was quick!

This includes all very recent FreeBSD SA/EN patches, a number of system
improvements (how are you doing, Kea!) and third party updates for OpenVPN
and StrongSwan.

It also includes one high and one medium advisory for our code.  GitHub
h...

Read more

Re: OPNsense 26.1.6 released

Thu, 23 Apr 2026 09:13:16 GMT

A hotfix release was issued as 26.1.6_2:

o system: use Framed-IPv6-Address in case of an IPv6 address in RADIUS accounting
o captive portal: fix allowed addresses missing from session IPs in roaming case
o images: refreshed images using this version in...

Read more

OPNsense 26.4 business edition released

Wed, 15 Apr 2026 10:27:09 GMT

The OPNsense business edition transitions to this 26.4 release including
full MVC/API experience as automation rules have been promoted to the new
rules GUI, Suricata with a new inline inspection mode using "divert",
assorted IPv6 reliability and featu...

Read more

Re: OPNsense 25.10.2 business edition released

Wed, 15 Apr 2026 10:25:58 GMT

A hotfix release was issued as 25.10.2_12:

o firmware: add upgrade hint and fingerprint for 26.4 plus isc-dhcp plugin migration

Read more

Re: OPNsense 25.10.2 business edition released

Sun, 12 Apr 2026 08:21:09 GMT

A hotfix release was issued as 25.10.2_11:

o system: move ldap_escape() to caller for now to avoid side effects

Read more

Re: OPNsense 25.10.2 business edition released

Thu, 09 Apr 2026 13:22:29 GMT

A hotfix release was issued as 25.10.2_10:

o system: escape LDAP username during search[26] (reported by Matt Andreko)
o unbound: limit duckdb to a single thread in write mode to reduce logger memory usage

--
[26] https://www.cve.org/cverecord?id=CVE-2...

Read more

OPNsense 26.1.6 released

Thu, 09 Apr 2026 12:49:33 GMT

Hello, hello,

Yes, we are obviously still alive!  This update addresses a number of security
issues -- first and foremost an injection into LDAP authentication that can
bypass group restrictions during login.  Also included are Curl and OpenSSL
third p...

Read more

Re: OPNsense 25.10.2 business edition released

Thu, 26 Mar 2026 13:54:40 GMT

A hotfix release was issued as 25.10.2_8:

o interfaces: fix static neighbor apply button (contributed by Konstantinos Spartalis)
o firewall: one-to-one NAT rendered rule missed "log" statement
o ipsec: fix delete selected for SPD and SAD
o mvc: ConfigM...

Read more