New OPNsense Release

OPNsense Business Edition 22.4.2 released

July 7, 2022
This business release is based on the OPNsense 22.1.9 community version
with additional reliability improvements.

Here are the full patch notes:

o system: support plugin device reconfiguration in pluginctl utility
o system: use password_verify() in authenticators (contributed by oittaa)
o system: hide password from command line during config encryption
o system: improve gateway subnet validation to fix IPv6 edge cases
o system: dpinger support for IPv6 aliases
o system: support 1500000 baudrate selection for ARM
o system: non-functional cleanups for upcoming move to PHP 8
o system: fix firmware command shortcut in opnsense-shell utility
o system: if no temperature sysctls are exposed do nothing
o interfaces: add unique constraint for tag+if on VLANs
o firewall: bring back missing toggle button in aliases
o firewall: exclude internal aliases on import
o firewall: fix alias removal
o firewall: various usability and visibility improvements for aliases
o firewall: performance improvement for large numbers of port type aliases
o firewall: simplify sort and add natural sorting in alias diagnostics
o captive portal: add extendedPreAuthData for MAC address retrieval during authentication
o captive portal: add missing validation message for empty interface selection
o dhcp: refactor IPv4 lease removal and purge static leases before starting service
o dhcp: revert back to not adding an IP to static lease creation from leases page
o dhcp: allow custom configuration from directories
o firmware: add python version to crash report header
o opendns: update OpenDNS IPv6 servers (contributed by Johan Rylander)
o openvpn: add domain search option to servers and overrides
o unbound: add custom "destination address" as advanced option for blocklists
o unbound: disabling the first DNS override entry invalidates config
o unbound: make blocklist additions/removals dynamic to prevent a restart
o unbound: zero_ttl is no longer a valid statistic (contributed by David Mora)
o mvc: distinct between HTTP errors 401 and 403 during authentication
o mvc: call microtime(true) only once during config save (contributed by csbyte)
o plugins: os-acme-client 3.11[1]
o plugins: os-ddclient 1.7[2]
o plugins: os-debug 1.5 fixes deprecated xdebug syntax
o plugins: os-frr 1.29[3]
o plugins: os-nginx 1.28[4]
o plugins: os-postfix 1.22[5]
o plugins: os-wireguard 1.11[6]
o src: pf: fix memory leaks in nvlist usage
o src: pf: stop resolving hosts as dns that use ":" modifier
o src: e1000: Increase rx_buffer_size to 32b
o src: igc: Increase rx_buffer_size local variable to 32b
o src: assorted non-functional cleanups and typo corrections
o ports: curl 7.84.0[7]
o ports: krb5 1.20[8]
o ports: lighttpd 1.4.65[9]
o ports: nss 3.79[10]
o ports: openssl 1.1.1q[11]
o ports: openvpn 2.5.7[12]
o ports: php 7.4.30[13]
o ports: py-certifi 2022.5.18.1
o ports: sqlite3 3.38.5[14]
o ports: strongswan 5.9.6[15]
o ports: sudo 1.9.11p2[16]
o ports: unbound 1.16.0[17]

Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/22.1/security/acme-client/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/22.1/dns/ddclient/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/22.1/net/frr/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/22.1/www/nginx/pkg-descr
[5] https://github.com/opnsense/plugins/blob/stable/22.1/mail/postfix/pkg-descr
[6] https://github.com/opnsense/plugins/blob/stable/22.1/net/wireguard/pkg-descr
[7] https://curl.se/changes.html#7_84_0
[8] https://web.mit.edu/kerberos/krb5-1.20/
[9] https://www.lighttpd.net/2022/6/7/1.4.65/
[10] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.79_release_notes
[11] https://www.openssl.org/news/openssl-1.1.1-notes.html
[12] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.7
[13] https://www.php.net/ChangeLog-7.php#7.4.30
[14] https://sqlite.org/releaselog/3_38_5.html
[15] https://github.com/strongswan/strongswan/releases/tag/5.9.6
[16] https://www.sudo.ws/stable.html#1.9.11p2
[17] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0