OPNsense 17.7.7 released

Hi there,

OPNsense 17.7.7 was released on October 26th, but this blog was unintentionally not updated. Our apologies.
That being said, OpenSSH is being updated to version 7.6, which drops compatibility with SSH protocol version 1 and refuses RSA keys smaller than 1024 bits. Ideally, none of this should matter in a security-aware deployment, but it is safer to double-check before the upgrade.
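
One way to do that double-check, as an added example that is not part of the original announcement or of OPNsense itself: the script below parses authorized_keys-style lines and flags protocol 1 keys and RSA keys under 1024 bits. The function names and the sample lines are constructed for illustration; feed it the lines of your own key files instead.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # OpenSSH 7.6 refuses RSA keys smaller than this

def rsa_bits(blob_b64):
    """Return the modulus size in bits of an ssh-rsa public key blob, else None."""
    try:
        blob = base64.b64decode(blob_b64)
    except ValueError:
        return None
    fields, off = [], 0
    while off + 4 <= len(blob):  # wire format: 4-byte length, then data
        (n,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        return None
    return int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n

def audit(lines):
    """Return (line_no, reason) for keys OpenSSH 7.6 will no longer accept."""
    findings = []
    for no, line in enumerate(lines, 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        # Protocol 1 (RSA1) entries are decimal "bits exponent modulus [comment]".
        if len(tok) >= 3 and all(t.isdigit() for t in tok[:3]):
            findings.append((no, "SSH protocol 1 (RSA1) key"))
        # Protocol 2 entries: optional options, then "ssh-rsa <base64> [comment]".
        elif "ssh-rsa" in tok[:-1]:
            bits = rsa_bits(tok[tok.index("ssh-rsa") + 1])
            if bits is not None and bits < MIN_RSA_BITS:
                findings.append((no, f"RSA key of {bits} bits, below {MIN_RSA_BITS}"))
    return findings

def _sample(bits):
    """Build a constructed ssh-rsa blob of the given size (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + n.to_bytes(bits // 8, "big"))
    return base64.b64encode(blob).decode()

SAMPLE = [  # constructed authorized_keys content
    "ssh-rsa " + _sample(2048) + " admin@example",
    'from="192.0.2.10" ssh-rsa ' + _sample(768) + " legacy@example",
    "1024 65537 1234567890123 old-protocol1@example",
]

if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print(f"line {no}: {reason}")
```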

A new plugin for the Telegraf agent was released and we have reworked the GeoIP alias configuration to be less cumbersome. We would like to thank everyone for the steady stream of ideas and constructive discussion.

The 18.1-BETA call for testing will be out in the next 24 hours as well for all enthusiasts who want to test-drive the change from FreeBSD 11.0 to 11.1. It has been an unconventional development cycle and this time around there will be no images until 18.1-RC in late December or January.

And here are the full patch notes:

  • firewall: GeoIP alias edit UX rework
  • reporting: increase database timeout to 60 seconds
  • firmware: add server in Frankfurt, DE courtesy of ieji.de
  • firmware: base / kernel lock API
  • firmware: details dialog for plugins
  • firmware: assorted minor UI tweaks
  • dhcp: improve sorting of DHCP leases (contributed by Larry Meaney)
  • ipsec: add rightsourceip = %radius for eap-radius
  • ipsec: moved firewall rule generation to plugin code
  • web proxy: remove default value of visible_hostname
  • mvc: translate navigation tabs (contributed by Alexander Shursha)
  • mvc: prevent faulty child node removal in serializeToConfig()
  • plugins: os-freeradius 1.2.0 adds EAP-TLS support (contributed by Michael Muenz)
  • plugins: os-intrusion-detection-content-snort-vrt 1.0 (contributed by shonjir)
  • plugins: os-telegraf 1.0 (contributed by Michael Muenz)
  • plugins: os-tor 1.1 fixes VIP usage and initial setup
  • ports: curl 7.56.1[1]
  • ports: openssh 7.6p1[2]
  • ports: suricata 4.0.1[3]

A hotfix release was issued as 17.7.7_1:

  • firewall: fix regression in host alias edit

Stay safe,
Your OPNsense team

[1] https://curl.haxx.se/changes.html
[2] https://www.openssh.com/txt/release-7.6
[3] https://suricata-ids.org/2017/10/18/suricata-4-0-1-available/