with additional reliability improvements.
Here are the full patch notes:
o system: support plugin device reconfiguration in pluginctl utility
o system: use password_verify() in authenticators (contributed by oittaa)
o system: hide password from command line during config encryption
o system: improve gateway subnet validation to fix IPv6 edge cases
o system: dpinger support for IPv6 aliases
o system: support 1500000 baudrate selection for ARM
o system: non-functional cleanups for upcoming move to PHP 8
o system: fix firmware command shortcut in opnsense-shell utility
o system: if no temperature sysctls are exposed do nothing
o interfaces: add unique constraint for tag+if on VLANs
o firewall: bring back missing toggle button in aliases
o firewall: exclude internal aliases on import
o firewall: fix alias removal
o firewall: various usability and visibility improvements for aliases
o firewall: performance improvement for large numbers of port type aliases
o firewall: simplify sort and add natural sorting in alias diagnostics
o captive portal: add extendedPreAuthData for MAC address retrieval during authentication
o captive portal: add missing validation message for empty interface selection
o dhcp: refactor IPv4 lease removal and purge static leases before starting service
o dhcp: revert back to not adding an IP to static lease creation from leases page
o dhcp: allow custom configuration from directories
o firmware: add python version to crash report header
o opendns: update OpenDNS IPv6 servers (contributed by Johan Rylander)
o openvpn: add domain search option to servers and overrides
o unbound: add custom "destination address" as advanced option for blocklists
o unbound: disabling the first DNS override entry invalidates config
o unbound: make blocklist additions/removals dynamic to prevent a restart
o unbound: zero_ttl is no longer a valid statistic (contributed by David Mora)
o mvc: distinct between HTTP errors 401 and 403 during authentication
o mvc: call microtime(true) only once during config save (contributed by csbyte)
o plugins: os-acme-client 3.11[1]
o plugins: os-ddclient 1.7[2]
o plugins: os-debug 1.5 fixes deprecated xdebug syntax
o plugins: os-frr 1.29[3]
o plugins: os-nginx 1.28[4]
o plugins: os-postfix 1.22[5]
o plugins: os-wireguard 1.11[6]
o src: pf: fix memory leaks in nvlist usage
o src: pf: stop resolving hosts as dns that use ":" modifier
o src: e1000: Increase rx_buffer_size to 32b
o src: igc: Increase rx_buffer_size local variable to 32b
o src: assorted non-functional cleanups and typo corrections
o ports: curl 7.84.0[7]
o ports: krb5 1.20[8]
o ports: lighttpd 1.4.65[9]
o ports: nss 3.79[10]
o ports: openssl 1.1.1q[11]
o ports: openvpn 2.5.7[12]
o ports: php 7.4.30[13]
o ports: py-certifi 2022.5.18.1
o ports: sqlite3 3.38.5[14]
o ports: strongswan 5.9.6[15]
o ports: sudo 1.9.11p2[16]
o ports: unbound 1.16.0[17]
Stay safe,
Your OPNsense team
--
[1] https://github.com/opnsense/plugins/blob/stable/22.1/security/acme-client/pkg-descr
[2] https://github.com/opnsense/plugins/blob/stable/22.1/dns/ddclient/pkg-descr
[3] https://github.com/opnsense/plugins/blob/stable/22.1/net/frr/pkg-descr
[4] https://github.com/opnsense/plugins/blob/stable/22.1/www/nginx/pkg-descr
[5] https://github.com/opnsense/plugins/blob/stable/22.1/mail/postfix/pkg-descr
[6] https://github.com/opnsense/plugins/blob/stable/22.1/net/wireguard/pkg-descr
[7] https://curl.se/changes.html#7_84_0
[8] https://web.mit.edu/kerberos/krb5-1.20/
[9] https://www.lighttpd.net/2022/6/7/1.4.65/
[10] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.79_release_notes
[11] https://www.openssl.org/news/openssl-1.1.1-notes.html
[12] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.7
[13] https://www.php.net/ChangeLog-7.php#7.4.30
[14] https://sqlite.org/releaselog/3_38_5.html
[15] https://github.com/strongswan/strongswan/releases/tag/5.9.6
[16] https://www.sudo.ws/stable.html#1.9.11p2
[17] https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0