Software-update: OPNsense 26.1.1

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben versie 26.1.1 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 26.1.1 released

This ships OpenSSL and Python security updates as well as address a number of shortcomings of the initial 26.1 and community-infused improvements of the new rules GUI which we would not have dreamed of to get this quickly. We are very happy with the current state of the new rules GUI and all the discussions we have had on how it can be further improved. It is just the beginning. A roadmap for 26.7 will be in the works later this month.

Looking back 11 years it appears that the best hopes we had for the project back then have all come true. It took lot longer than expected but we got there together with you, our beloved community. It will only take a bit more work now to achieve MVC/API support for all core components and remove root access from the web GUI. And we hope that you will be up for it in the coming years as well. Images will likely be reissued based on this release, but it is not an immediate priority. Upgrade paths from 25.7 will also be updated in the near future to ensure the best possible upgrade experience.

Here are the full patch notes:

• interfaces: fix WLAN creation when $mode is empty
• interfaces: fix interface settings save with disabled ISC DHCPv6 server
• interfaces: add optional interval input to ping
• firewall: fix rule anchor rendering for plugins
• firewall: prevent autocomplete in alias auth password
• firewall: validate UUID on rules migration import
• firewall: fix overload table setting being written as UUID into pf.conf in new rules GUI
• firewall: local-port field in destination NAT does not support range and well-known name
• firewall: change toggle_log icon to help visibility in new rules GUI
• firewall: add missing schedules support for new rules GUI
• firewall: make statistics column responsive for new rules GUI
• firewall: add link to states and put it first in list in new rules GUI
• firewall: add "any" interface filter option and make it the default
• reporting: render RRD integer as string in command invoke
• dnsmasq: compare leases case insensitive
• firmware: opnsense-code: allow -r to specify the release branch for core/plugins
• firmware: opnsense-patch: when patching make no backups
• firmware: opnsense-update: batch use of -g and -G options
• kea: add several missing validations
• kea: use hostwatch as source for prefix watcher
• openssh: style update for config generation
• radvd: correctly verify constructor interface if used
• lang: added Persian as a new language and a few updates/fixes in existing translations
• installer: ufs: flush the disk to avoid spurious partitioning errors
• mvc: support verbose logging in run_migrations.php
• mvc: shield exec_safe() against fatal type errors
• mvc: mark exported CSV as content safe to disable escaping
• mvc: ArrayField: support throwing exceptions in importRecordSet()
• mvc: fix class names of ManualSpdController and VxlanController
• mvc: BaseModel: create missing nodes in legacy mapper
• ui: bootgrid: allow multi word tooltips (contributed by Matthias Kaduk)
• ui: bootgrid: introduce toggle-selected command
• ui: bootgrid: searchable column selectors
• ui: move refresh of selectpicker types into setFormData() and improve type detection
• plugins: os-acme-client 4.13
• plugins: os-ddclient 1.30
• plugins: os-freeradius 1.10.1
• plugins: os-tayga 1.4
• plugins: os-tinc 1.8 adds disable subnet routes option (contributed by Thojo0)
• src: fix multiple vulnerabilities in OpenSSL
• src: jail escape by a privileged user via nullfs
• src: arm64 SVE signal context misalignment
• src: page fault handler fails to zero memory
• ports: dnsmasq 2.92
• ports: libxml 2.15.1
• ports: openssl 3.0.19
• ports: phalcon 5.10.0
• ports: php 8.3.30
• ports: phpseclib 3.0.49
• ports: python security fixes