New OPNsense Release

OPNsense 21.1.8 released

Hi there,

The code moves to PHP 7.4 as previously announced.  Shipped alongside
are a few updates and fixes that still make sense for the 21.1 series.

We are happy to note our community contributions regarding the Norwegian
translation and Fetchmail plugin.

Later today, 21.7-RC1 is going to be released as well and you can
make the upgrade from the development release type where the bulk of
current improvements is being included.

Here are the full patch notes:

o system: Norwegian translation (contributed by Stein-Aksel Basma)
o system: correctly enforce "Disable writing log files to the local disk" when circular logs are not used
o system: allow to edit gateway entries with non-conforming names
o system: add HA sync entry for live log templates
o system: lock config writes during HA merges
o interfaces: do not check for existing CARP interfaces midstream
o interfaces: refactor IP address removal on configure
o interfaces: remove non-tunnel restriction from address collection
o interfaces: set tunnel flag for IPv4 tunnel plus cleanups
o firewall: possibility to filter nat/rdr action in live log
o firewall: set label for obsolete rule in live log (contributed by kulikov-a)
o intrusion detection: fix alert reads from eve.json
o ui: prevent translation line breaks from breaking JS
o ui: switch firewall category icon for clarity
o plugins: os-etpro-telemetry 1.5 exclude stale data from telemetry upload
o plugins: os-fetchmail 1.0 (contributed by Michael Muenz)
o plugins: os-freeradius 1.9.14[1]
o plugins: os-maltrail 1.8[2]
o plugins: os-nginx Phalcon 4 fixes
o plugins: os-nut 1.8[3]
o plugins: os-telegraf 1.11.0[4]
o plugins: os-tor Phalcon 4 fix
o plugins: os-zabbix5-proxy is now a plugin variant
o src: libcasper: fix descriptors numbers[5]
o src: linux: Prevent integer overflow in futex_requeue[6]
o ports: clog 1.0.2 fixes garbage header write on init
o ports: libxml 2.9.12[7]
o ports: nettle 3.7.3
o ports: nss 3.67[8]
o ports: openvpn 2.5.3[9]
o ports: php 7.4.20[10]
o ports: phpseclib 2.0.32[11]
o ports: sudo 1.9.7p1[12]
o ports: suricata 5.0.7[13]

Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/21.1/net/freeradius/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/21.1/security/maltrail/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/21.1/sysutils/nut/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/telegraf/pkg-descr
[5] https://www.freebsd.org/security/advisories/EN-21:19.libcasper.asc
[6] https://www.freebsd.org/security/advisories/EN-21:22.linux_futex.asc
[7] http://www.xmlsoft.org/news.html
[8] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes
[9] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.3
[10] https://www.php.net/ChangeLog-7.php#7.4.20
[11] https://github.com/phpseclib/phpseclib/releases/tag/2.0.32
[12] https://www.sudo.ws/stable.html#1.9.7p1
[13] https://redmine.openinfosecfoundation.org/versions/166