OPNsense 21.7.8 released
January 27, 2022
Hello everyone,
To improve migration to the next version we are releasing this update
back to back with 22.1. There is no immediate need to upgrade so plenty
of time to read and prepare.
Suffice to say this will be the last update of the 21.7 series. Thank
you and see you on the other side.
Here are the full patch notes:
o system: remove spurious XML validation that cannot cope with attributes from backup restore
o system: prevent syslog-ng from crashing after update due to "syslog-ng-ctl reload" use
o reporting: fix display of total in/out traffic values
o firewall: removed the $aliastable cache
o firewall: correctly handle IPv6 NAT in states view
o firewall: skip rule ID for NAT type log entries (contributed by kulikov-a)
o firewall: support "no scrub" option in normalisation rules
o network time: remove PID file use as it can be unreliable
o intrusion detection: update to ET-Open to version 6
o intrusion detection: prevent config migration from crashing
o lang: update translations for Chinese, French, German, Italian, Japanese, Norwegian, Spanish, and Turkish
o captive portal: prevent session removal crashing when no IP address was registered
o firmware: offer 22.1 upgrade path when supported by mirror
o mvc: add getInterfaceConfig endpoint to interface API (contributed by Paolo Asperti)
o mvc: fix logging of configd errors (contributed by kulikov-a)
o plugins: os-acme-client 3.8[1]
o plugins: os-frr 1.26[2]
o plugins: os-openconnect 1.4.2[3]
o plugins: os-postfix 1.21[4]
o plugins: os-telegraf 1.12.4[5]
o plugins: os-wireguard 1.10[6]
o src: axgbe: validate contents of gpio expander
o src: incorrect XSAVE state size[7]
o src: vPCI compatibility improvements with certain Hyper-V releases[8]
o src: vt console buffer overflow[9]
o ports: expat 2.4.2[10]
o ports: filterlog 0.6[11]
o ports: flock 2.37.2
o ports: hostapd 2.10[12]
o ports: lighttpd 1.4.63[13]
o ports: nss 3.74[14]
o ports: openssl 1.1.1m[15]
o ports: openvpn 2.5.5[16]
o ports: php 7.4.27[17]
o ports: sqlite 3.37.2[18]
o ports: syslog-ng 3.35.1[19]
o ports: unbound 1.14.0[20]
o ports: wpa_supplicant 2.10[21]
Stay safe,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/blob/stable/21.7/security/acme-client/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/21.7/net/frr/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/21.7/security/openconnect/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/21.7/mail/postfix/pkg-descr
[5] https://github.com/opnsense/plugins/blob/stable/21.7/net-mgmt/telegraf/pkg-descr
[6] https://github.com/opnsense/plugins/blob/stable/21.7/net/wireguard/pkg-descr
[7] https://www.freebsd.org/security/advisories/FreeBSD-EN-22:02.xsave.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-EN-22:03.hyperv.asc
[9] https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
[10] https://github.com/libexpat/libexpat/blob/R_2_4_2/expat/Changes
[11] https://github.com/opnsense/ports/commit/2e27655d84
[12] https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
[13] https://www.lighttpd.net/2021/12/4/1.4.63/
[14] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.74_release_notes
[15] https://www.openssl.org/news/openssl-1.1.1-notes.html
[16] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.5
[17] https://www.php.net/ChangeLog-7.php#7.4.27
[18] https://sqlite.org/releaselog/3_37_2.html
[19] https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.35.1
[20] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-14-0
[21] https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog