Re: OPNsense 26.1.6 released

Thu, 23 Apr 2026 09:13:16 GMT

A hotfix release was issued as 26.1.6_2:

o system: use Framed-IPv6-Address in case of an IPv6 address in RADIUS accounting
o captive portal: fix allowed addresses missing from session IPs in roaming case
o images: refreshed images using this version in...

Read more

OPNsense 26.4 business edition released

Wed, 15 Apr 2026 10:27:09 GMT

The OPNsense business edition transitions to this 26.4 release including
full MVC/API experience as automation rules have been promoted to the new
rules GUI, Suricata with a new inline inspection mode using "divert",
assorted IPv6 reliability and featu...

Read more

Re: OPNsense 25.10.2 business edition released

Wed, 15 Apr 2026 10:25:58 GMT

A hotfix release was issued as 25.10.2_12:

o firmware: add upgrade hint and fingerprint for 26.4 plus isc-dhcp plugin migration

Read more

Re: OPNsense 25.10.2 business edition released

Sun, 12 Apr 2026 08:21:09 GMT

A hotfix release was issued as 25.10.2_11:

o system: move ldap_escape() to caller for now to avoid side effects

Read more

Re: OPNsense 25.10.2 business edition released

Thu, 09 Apr 2026 13:22:29 GMT

A hotfix release was issued as 25.10.2_10:

o system: escape LDAP username during search[26] (reported by Matt Andreko)
o unbound: limit duckdb to a single thread in write mode to reduce logger memory usage

--
[26] https://www.cve.org/cverecord?id=CVE-2...

Read more

OPNsense 26.1.6 released

Thu, 09 Apr 2026 12:49:33 GMT

Hello, hello,

Yes, we are obviously still alive!  This update addresses a number of security
issues -- first and foremost an injection into LDAP authentication that can
bypass group restrictions during login.  Also included are Curl and OpenSSL
third p...

Read more

Re: OPNsense 25.10.2 business edition released

Thu, 26 Mar 2026 13:54:40 GMT

A hotfix release was issued as 25.10.2_8:

o interfaces: fix static neighbor apply button (contributed by Konstantinos Spartalis)
o firewall: one-to-one NAT rendered rule missed "log" statement
o ipsec: fix delete selected for SPD and SAD
o mvc: ConfigM...

Read more

OPNsense 26.1.5 released

Tue, 24 Mar 2026 13:59:05 GMT

Howdy,

This updates ships a few third party updates, assorted core fixes and
improvements of which Kea DDNS and options support may be the most
sought-after.

The captive portal IPv6 changes are ready for wider testing on the
development version and ove...

Read more

Re: OPNsense 25.10.2 business edition released

Mon, 16 Mar 2026 09:35:01 GMT

A hotfix release was issued as 25.10.2_4:

o unbound: fix blocklist add in reporting page following POST-only fix

Read more

Re: OPNsense 25.10.2 business edition released

Thu, 12 Mar 2026 14:16:56 GMT

A hotfix release was issued as 25.10.2_3:

o captive portal: fix hard-timeout calculation
o firmware: avoid update-hook background cleanups
o mvc: fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requests[21] (contributed by Olive...

Read more