Home »
Blog
Re: OPNsense 25.10.2 business edition released
Sun, 12 Apr 2026 08:21:09 GMT
A hotfix release was issued as 25.10.2_11:
o system: move ldap_escape() to caller for now to avoid side effects
Re: OPNsense 25.10.2 business edition released
Thu, 09 Apr 2026 13:22:29 GMT
A hotfix release was issued as 25.10.2_10:
o system: escape LDAP username during search[26] (reported by Matt Andreko)
o unbound: limit duckdb to a single thread in write mode to reduce logger memory usage
--
[26] https://www.cve.org/cverecord?id=CVE-2...
OPNsense 26.1.6 released
Thu, 09 Apr 2026 12:49:33 GMT
Hello, hello,
Yes, we are obviously still alive! This update addresses a number of security
issues -- first and foremost an injection into LDAP authentication that can
bypass group restrictions during login. Also included are Curl and OpenSSL
third p...
Re: OPNsense 25.10.2 business edition released
Thu, 26 Mar 2026 13:54:40 GMT
A hotfix release was issued as 25.10.2_8:
o interfaces: fix static neighbor apply button (contributed by Konstantinos Spartalis)
o firewall: one-to-one NAT rendered rule missed "log" statement
o ipsec: fix delete selected for SPD and SAD
o mvc: ConfigM...
OPNsense 26.1.5 released
Tue, 24 Mar 2026 13:59:05 GMT
Howdy,
This updates ships a few third party updates, assorted core fixes and
improvements of which Kea DDNS and options support may be the most
sought-after.
The captive portal IPv6 changes are ready for wider testing on the
development version and ove...
Re: OPNsense 25.10.2 business edition released
Mon, 16 Mar 2026 09:35:01 GMT
A hotfix release was issued as 25.10.2_4:
o unbound: fix blocklist add in reporting page following POST-only fix
Re: OPNsense 25.10.2 business edition released
Thu, 12 Mar 2026 14:16:56 GMT
A hotfix release was issued as 25.10.2_3:
o captive portal: fix hard-timeout calculation
o firmware: avoid update-hook background cleanups
o mvc: fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requests[21] (contributed by Olive...
OPNsense 26.1.4 released
Wed, 11 Mar 2026 12:44:25 GMT
Hi,
This is basically a maintenance release in assorted areas, but also includes
a CVE for the GUI for missing POST checks in the API. We thank everyone
for reporting issues and testing the fixes with us to allow for easy and fast
releases such as thi...
OPNsense 26.1.3 released
Wed, 04 Mar 2026 12:28:03 GMT
Hi and hello,
This update finally brings in Python 3.13 after the struggle we had with
3.11 and missing security patches. A number of things were fixed for the
new rules GUI as well as assorted minor things in all areas of the code
base. Two FreeBSD ...
Re: OPNsense 26.1.2 released
Thu, 19 Feb 2026 14:22:05 GMT
SHA256 (OPNsense-26.1.2-dvd-amd64.iso.bz2) = 8b81427b049ca291bed982a85c6eb821e9887f70b79c1d8183c24721e037f938
SHA256 (OPNsense-26.1.2-nano-amd64.img.bz2) = 24ae4c3f178bcc53475ab0b2ec50a7b06e9541f5080c156e5aa967c12a8d343e
SHA256 (OPNsense-26.1.2-serial-...