New OPNsense Release

OPNsense 22.7.11 released

Hello there,

This will be the end of life release for the 22.7 series with only a small
number of reliability updates.  Upgrades to 23.1-RC1 are possible from the
development version of this release.  We do expect an online update for RC2
next week.

The final 23.1 release will be on January 26.  As always the upgrade path
from the community version will be added as a hotfix shortly after the final
release annoucement is published.  However, this time around LibreSSL will
no longer update and must be switched to the OpenSSL flavour prior to the
upgrade.

Here are the full patch notes:

o system: fix a few minor Coverity Scan reports in Python code[1]
o firewall: show automated "port 0" rule as actual port "0" on PHP 8
o reporting: fix incompatible regex syntax in FreeBSD 13.1 for firewall state health statistics
o unbound: safeguard retrieval of blocklist shortcode
o mvc: fix IntegerField minimum value (contributed by xbb)
o plugins: acme-client 3.15[2]
o plugins: os-stunnel fixes missing include in certificate script
o ports: curl 7.87.0[3]
o ports: nss 3.87[4]
o ports: pcre 10.42[5]
o ports: phalcon 5.1.4[6]
o ports: php 8.0.27[7]
o ports: sqlite 3.40.1[8]
o ports: strongswan 5.9.9[9]
o ports: unbound 1.17.1[10]

Stay safe,
Your OPNsense team

--
[1] https://scan.coverity.com/projects/opnsense-core
[2] https://github.com/opnsense/plugins/blob/stable/22.7/security/acme-client/pkg-descr
[3] https://curl.se/changes.html#7_87_0
[4] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html
[5] https://www.pcre.org/changelog.txt
[6] https://github.com/phalcon/cphalcon/releases/tag/v5.1.4
[7] https://www.php.net/ChangeLog-8.php#8.0.27
[8] https://sqlite.org/releaselog/3_40_1.html
[9] https://github.com/strongswan/strongswan/releases/tag/5.9.9
[10] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1