Current File : //backups/router/usr/local/opnsense/changelog/25.1.5.htm
<p>Howdy,</p><p>This release improves overall RADIUS support, moves the captive portal from IPFW to PF, creates visibility of external certificate sources in the system and offers a glimpse into the filter automation GUI revamp which could one day replace the remaining static firewall rules edit pages.</p><p>Speaking of static pages: MVC/API conversions are almost 80% complete now and we would really like to continue that trend. Also brace for impact as we crash-land Dnsmasq DHCP support in a stable release within the next 90 days!</p><p>Here are the full patch notes:</p><p><ul><li>system: extend XMLRPC "nosync" support to keep backup items for new cases</li><li>system: improved RADIUS RFC alignment and use Message Authenticator by default</li><li>system: prevent recursion loop when CAs are cross-referencing each other</li><li>system: fix URL hash in certificate link so redirection shows the correct menu path</li><li>system: fix off by one error due to line ending at the end of a log file</li><li>system: offer config directory to store locations for external certificates and support it in the certificates widget</li><li>system: allow multiple manual DNS search domains</li><li>system: fix gateway watcher backoff</li><li>system: minor code cleanups in auth.inc</li><li>reporting: move NetFlow backend single_pass to command line parameters for easier debugging</li><li>reporting: use client time in traffic dashboard widget</li><li>firewall: automation filter UI revamp</li><li>firewall: fix presentation when alias name overlaps group name</li><li>firewall: fix regression in alias table in JSON format</li><li>firewall: move pipe and queue configuration to "dnctl" service</li><li>firewall: replace update_params for argparse in filter log reader</li><li>captive portal: migrate backend from IPFW to PF</li><li>firmware: ignore dashboard check for updates link automation if user clicks check for updates too</li><li>firmware: fix reboot flag handling due to changed BooleanField default in 25.1.4</li><li>firmware: add cleanup audit script</li><li>ipsec: move mobile clients charon attributes to "Advanced settings"</li><li>ipsec: pre-shared key permission fix</li><li>kea-dhcp: add missing ACL privileges</li><li>kea-dhcp: allow manual configuration for advanced scenarios</li><li>openvpn: add "Enable static challenge (OTP)" option in client export</li><li>openvpn: display virtual IPv6 addresses for clients in dashboard widget (contributed by cs-1 and lucaspalomodevelop)</li><li>router advertisements: fix list of source addresses on overlapping link-locals (contributed by Robin Müller)</li><li>unbound: drop "exclude" phrase from plugin log entry</li><li>unbound: add optional TTL field</li><li>mvc: prefer ui/user_portal above system_usermanager_passwordmg.php in ACLs</li><li>mvc: implement "ignore" field type in forms</li><li>ui: include "all" instead of only "solid" and "brands" Font Awesome styles</li><li>ui: ensure fields stay aligned relatively to another when headers are used in forms</li><li>ui: add fetch_options() which can build grouped selectpickers</li><li>ui: improve and extend Bootgrid behaviour</li><li>plugins: os-caddy 1.8.5[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr">1</a>]</li><li>plugins: os-sftp-backup 1.1 adds hostname prefix and filedrop-only support (contributed by beposec)</li><li>src: ifconfig: fix reporting optics on most 100g interfaces</li><li>src: igc: fix attach for I226-K and LMVP devices</li><li>src: inpcb: assorted changes for upcoming FIB support</li><li>src: ipfw: fix dump_soptcodes() handler</li><li>src: ixgbe: add support for 1000BASE-BX SFP modules</li><li>src: ixgbe: fix mailbox ack handling</li><li>src: netinet6: add the missing lock acquire to nd6_get_llentry</li><li>src: netinet: fix getcred sysctl handlers to do nothing if no input is given</li><li>src: netinet: if mb_unmapped_to_ext() failed, return directly</li><li>src: netlink: fix getting route scope of interface IPv4 addresses</li><li>src: ovpn: fix use-after-free of mbuf</li><li>src: pf: improve pf_state_key_attach() error handling</li><li>src: pf: only force state failure logging if logging was requested</li><li>src: pfkey2: use correct value for a key length</li><li>src: routing: do not allow PINNED routes to be overriden</li><li>src: sctp: fix double unlock in case adding a remote address fails</li><li>src: tcp: clear sendfile logging struct</li><li>src: udp: do not recursively enter net epoch</li><li>src: wg: remove overly-restrictive address family check</li><li>ports: lighttpd 1.4.79[<a target="_blank" href="https://www.lighttpd.net/2025/4/4/1.4.79/">2</a>]</li><li>ports: openvpn 2.6.14[<a target="_blank" href="https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.14">3</a>]</li><li>ports: phalcon 5.9.2[<a target="_blank" href="https://github.com/phalcon/cphalcon/releases/tag/v5.9.2">4</a>]</li><li>ports: py-duckdb 1.2.2[<a target="_blank" href="https://github.com/duckdb/duckdb/releases/tag/v1.2.2">5</a>]</li></ul></p><p>A hotfix release was issued as 25.1.5_1:</p><p><ul><li>ipsec: fix auth server parsing regression</li></ul></p><p>A hotfix release was issued as 25.1.5_4:</p><p><ul><li>captive portal: fix regression when NAT reflection is enabled</li><li>captive portal: fix command line argument parsing in backend</li><li>captive portal: remove obsolete interfaces_inbound option that works by default now</li></ul></p><p>A hotfix release was issued as 25.1.5_5:</p><p><ul><li>captive portal: missing fix for command line argument parsing in backend</li></ul></p><p><br>Stay safe,<br> Your OPNsense team</p>
Mini Shell