Howdy fellow firewall enthusiasts,

we hereby proudly announce our latest and greatest stable update This is almost completely GUI-oriented (frontend and backend) due to numerous cleanups we’ve done in pursuit of the 15.1.8 release and its new config subsystem. A huge thank you goes to everybody who submitted bugs over the course of the last week.

The firmware upgrade is online-only, so either go through the GUI or the console. (A bit of bumpiness may be present in the GUI upgrade. After PHP packages have been removed you can safely steer away from the page and recheck for firmware updates to make sure the firmware has been upgraded correctly.)

Here is the full list of changes:

  • core: removed numerous unused function from the code base
  • core: fixed numerous `Illegal string offset’ warnings
  • core: fixed numerous `Cannot create references to/from string offsets nor overloaded objects’ errors related to 15.1.8’s config system switch
  • captive portal: properly redirect to original page after entering a valid voucher
  • xmlrcp: replaced the whole legacy implementation due to issues with the latest PHP version to unbreak the feature
  • core: fixed an ancient background execution bug that prevented the spawned process from fully detaching from its parent
  • firmware: completely detached the firmware upgrade from the GUI to make it more reliable and hide empty update tables
  • dashboard: polish the version information print and also show OpenSSL/LibreSSL version for better awareness
  • xmlrpc: removed dangerous PHP and shell execution hooks
  • core: removed the backwards compatibility code for base OpenSSL as we don’t want to use it anymore
  • core: fixed unstable GUI and console factory reset
  • system settings: finally flipped the SSH key only checkbox to properly align with the underlying settings name of `PasswordAuthentication’
  • core: removed usage of numerous legacy PHP plugins in favour of more portable approaches
  • logs: captive portal logs now have the proper layout
  • logs: fixed firewall log parsing to unhide log entries for IP protocols that were not TCP/UDP/ICMP
  • crash reporter: revamp the crash report layout and add appropriate feedback messages (note that the send button isn’t enabled but we’ll get there)
  • interfaces: fixed WAN PPPOE edit
  • configd: do not emit an error on shutdown
  • configd: gained a background execution feature
  • development: added hooks for running custom rc scripts
  • development: enable PHP warnings for core.git mount

If you do not possess a running installation, the images for 15.1.8 are available through at least one of our shiny new our mirrors. Make sure you upgrade to as soon as you installed 15.1.8 to avoid all unnecessary hiccups:

Stay safe,
Your OPNsense team