Current File : //backups/router/usr/local/opnsense/changelog/20.7.r1.htm
<p>Hi there,</p><p>For five and a half years, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p><p>We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you. <3</p><p>Download links, an installation guide[<a target="_blank" href="https://docs.opnsense.org/manual/install.html">1</a>] and the checksums for the images can be found below as well.</p><p><ul><li>Europe: <a target="_blank" href="https://mirrors.dotsrc.org/opnsense/releases/20.7/">https://mirrors.dotsrc.org/opnsense/releases/20.7/</a></li><li>US East Coast: <a target="_blank" href="http://mirrors.nycbug.org/pub/opnsense/releases/20.7/">http://mirrors.nycbug.org/pub/opnsense/releases/20.7/</a></li><li>US West Coast: <a target="_blank" href="https://mirror.sfo12.us.leaseweb.net/opnsense/releases/20.7/">https://mirror.sfo12.us.leaseweb.net/opnsense/releases/20.7/</a></li><li>South America: <a target="_blank" href="https://mirror.venturasystems.tech/opnsense/releases/20.7/">https://mirror.venturasystems.tech/opnsense/releases/20.7/</a></li><li>Australia: <a target="_blank" href="http://mirror.as24220.net/opnsense/releases/20.7/">http://mirror.as24220.net/opnsense/releases/20.7/</a></li><li>Full mirror list: <a target="_blank" href="https://opnsense.org/download/">https://opnsense.org/download/</a></li></ul></p><p>Here are the full patch notes against 20.1.8_1:</p><p><ul><li>system: allow to optionally disable legacy logging (clog)</li><li>system: do not allow login redirects to visit external pages</li><li>system: add new "auth user changed" config event and hook it into LDAP updatePolicies()</li><li>system: adapt to 3wire serial console setting</li><li>system: figure out which sysctls are writeable before attempting to write them</li><li>system: Windows-friendly Nextcloud configuration backup file timestamp (contributed by Alphakilo)</li><li>system: disable PCRE JIT in PHP config</li><li>system: clean up start / stop beep handler</li><li>interfaces: improved VLAN handling and defaults for more stable netmap use on 12.1</li><li>interfaces: support DHCPv6 multi-WAN (contributed by Team Rebellion)</li><li>interfaces: show delegated prefix in overview (contributed by Team Rebellion)</li><li>interfaces: DHCPv4 no-release and debug options moved to global interface settings</li><li>interfaces: automatically register loopback device lo0</li><li>firewall: handle new net.pf.request_maxcount system limit accordingly</li><li>firewall: properly evaluate and execute gateway monitoring kill states feature</li><li>firewall: add the iplen option to shaper rules (contributed by Maxfield Allison)</li><li>firewall: show partial alias content in tooltip</li><li>firewall: translated static log overview page to MVC</li><li>firewall: aliases now show internal aliases</li><li>firewall: validate if NAT destination contains a port</li><li>firewall: prevent config_read_array() from adding an empty lo0</li><li>firmware: added fingerprint for 20.7 series</li><li>firmware: hint at missing plugins and request to install or dismiss</li><li>intrusion detection: extend rule search with metadata and show results on rule info</li><li>intrusion detection: updated pattern options (contributed by Xeroxxx)</li><li>intrusion detection: synchronize suricata.yaml with default template</li><li>network time: NMEA GPS clock messages latitude and longitude parsing fix (contributed by mikahe)</li><li>network time: prevent widget PHP warnings if no GPS fix was returned in NMEA message (contributed by mikahe)</li><li>unbound: integrate functionality formerly known as "unbound-plus" plugin (contributed by Michael Muenz)</li><li>web proxy: support for custom error pages (sponsored by Incenter Technology)</li><li>web proxy: add connect_timeout (contributed by Michael Muenz)</li><li>web proxy: allow PURGE on cache (contributed by sazb)</li><li>web proxy: add missing IPv6 listener</li><li>mvc: add "S" option for AllowDynamic in InterfaceField type</li><li>mvc: LegacyLinkField not allowed to return null in __toString()</li><li>backend: add safeguard for illegal configd settings leading to overrides on the same command leaf</li><li>backend: emove undocumented and unused alias support</li><li>mvc: support virtual nodes in model instances</li><li>rc: implement inline variables for skip and defer service start</li><li>ui: unify edit dialog and add onBeforeRenderDialog event deferrable</li><li>ui: use firewall groups to group interfaces menu accordingly</li><li>ui: moved virtual IP menu entry to interfaces</li><li>ui: jQuery 3.5.1</li><li>plugins: os-dyndns 1.22[<a target="_blank" href="https://github.com/opnsense/plugins/pull/1654">2</a>]</li><li>plugins: os-intrusion-detection-content-et-pro 1.0.2 switches to Suricata 5 rules</li><li>plugins: os-telegraf 1.8.1[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/net-mgmt/telegraf/pkg-descr">3</a>]</li><li>plugins: os-theme-rebellion 1.8.6 (contributed by Team Rebellion)</li><li>plugins: os-tinc fixes switch mode[<a target="_blank" href="https://github.com/opnsense/plugins/pull/1733">4</a>]</li><li>plugins: os-wireguard 1.2[<a target="_blank" href="https://github.com/opnsense/plugins/pull/1865">5</a>]</li><li>src: HardenedBSD 12.1-p7</li><li>ports: ca_root_nss 3.54</li><li>ports: curl 7.71.1[<a target="_blank" href="https://curl.se/changes.html#7_71_1">6</a>]</li><li>ports: php 7.3.20[<a target="_blank" href="https://www.php.net/ChangeLog-7.php#7.3.20">7</a>]</li><li>ports: python 3.7.8[<a target="_blank" href="https://docs.python.org/release/3.7.8/whatsnew/changelog.html">8</a>]</li><li>ports: sqlite 3.32.3[<a target="_blank" href="https://sqlite.org/releaselog/3_32_3.html">9</a>]</li><li>ports: suricata 5.0.3[<a target="_blank" href="https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/">10</a>]</li></ul></p><p>Known issues and limitations:</p><p><ul><li>Legacy MPD plugins os-l2tp, os-pppoe and os-pptp will no longer be available</li><li>i386 architecture builds will no longer be available</li><li>Installer still advertises 20.1</li></ul></p><p>The public key for the 20.7 series is:</p><p><pre>-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAngIbBcRin9AmDSOsjpft
7aK52TLkOzRc94NqKKnn6ALd6poEuFqYl1tfNT6XumBJDsRL1s56UYfjS8zpvFW3
HdzKOv4YtIln6qUuC1w8TXYNprasB/laYoBn2xeCGX5L6carlujQ+h0rsj+kpawr
E0/d6oRzR69cxQyoDQHD559Wv4nA795M6QGDhhl3dDq/92gzrrq3C5gJ7ldHi13c
inM2Fw+oPUfEIWUt/sqUTZheEk0Df3LSiJlgjQDhjh5uujTLgvX8IzfYAb8clgY3
DplgOh4ReoFnx6XVERSPa91ZJGeCV4dTGD2hU40rzU1lkQaiVUITLsfjrYUsNMEo
jdG+ndGIPTOrwXH4yGRZuUZZ612ALtO6bd4V1kAOLOS07mo4JB4poEbbB0lvZJSG
iTmU9od8zutnLkD66Q/qI8e6OcL0yqjwwG9DzCKg23M6cVWfyBTJhKoqQyhNWnzZ
bzvgOXfhOA8jn8FPChaU5OiIrv+g56pQrWKcQsvgQMqlyR+/AFSIrrqprCjDkfOG
bxFqTGkPb1n32nbnXJOA5Z43G9/PtBV8lvaEzli6Vehh+Zrcuy8yupbiVWSqTOfp
E5cYAmrlDkxKyAlZQtH6EhMF1VBQRrlqGhss5XYoE3DQDqWdhUbGv8Qiiv7ROCza
SIMuSzc6u35MooDRDZF4Ba0CAwEAAQ==
-----END PUBLIC KEY-----</pre></p><p>Please let us know about your experience!</p><p><br>Stay safe,<br> Your OPNsense team</p><p><pre>SHA256 (OPNsense-20.7.r1-OpenSSL-dvd-amd64.iso.bz2) = d54dca6390497d45b831f68f352fccf84881aac78a360247965e5c9b36fbfded
SHA256 (OPNsense-20.7.r1-OpenSSL-nano-amd64.img.bz2) = f78d51d53bf663df2d49a3724812893d8c55234ab8d4a9232663fa581496edbe
SHA256 (OPNsense-20.7.r1-OpenSSL-serial-amd64.img.bz2) = 984f8c9d63598f061cc8995245dea73703532c1bb688ac87cdb1e510fb53b80e
SHA256 (OPNsense-20.7.r1-OpenSSL-vga-amd64.img.bz2) = 711811e0a7d37d323a060c52590daa9f024e77c6da627530c6596367a09b412d</pre></p>
Mini Shell