diff --git a/source/CE_releases.rst b/source/CE_releases.rst index 0c6f7771..be43c1f0 100644 --- a/source/CE_releases.rst +++ b/source/CE_releases.rst @@ -8,7 +8,7 @@ Community Edition :width: 600px :align: center -As of January 2015 there have been *292* releases leading to the latest version *24.7.4* +As of January 2015 there have been *293* releases leading to the latest version *24.7.5* named "Thriving Tiger". diff --git a/source/releases/BE_24.4.rst b/source/releases/BE_24.4.rst index 1c229186..a8bb1c7c 100644 --- a/source/releases/BE_24.4.rst +++ b/source/releases/BE_24.4.rst @@ -17,6 +17,27 @@ the images can be found below as well. https://downloads.opnsense.com/ +-------------------------------------------------------------------------- +24.4.3 (September 17, 2024) +-------------------------------------------------------------------------- + +This business release is based on the OPNsense 24.4.2 business version +with additional reliability improvements. + +Here are the full patch notes: + +* system: add snapshots (boot environments) support via MVC/API (contributed by Sheridan Computers) +* system: recover stuck monitors and offer a cron job +* isc-dhcp: allow to disable a DHCPv6 server with faulty settings +* openvpn: add close-on-exec flag to service lock file +* openvpn: add username field to the status page +* wireguard: add close-on-exec flag to service lock file +* mvc: improve container field cloning +* ui: allow style tag on headers +* ports: openssl 3.0.15 `[1] `__ + + + -------------------------------------------------------------------------- 24.4.2 (August 16, 2024) -------------------------------------------------------------------------- diff --git a/source/releases/CE_24.7.rst b/source/releases/CE_24.7.rst index 0d6d305e..e5453d82 100644 --- a/source/releases/CE_24.7.rst +++ b/source/releases/CE_24.7.rst @@ -30,6 +30,81 @@ can be found below as well. * Full mirror list: https://opnsense.org/download/ +-------------------------------------------------------------------------- +24.7.5 (September 26, 2024) +-------------------------------------------------------------------------- + + +This release removes significant processing overhead from larger setups +due to being able to coalesce parallel configuration requests for the same +component instead of iterating over the list of selected interfaces one +by one. A number of third party software updates and FreeBSD security +advisories are included as well. + +This update also disables NUMA by default which can bring a boost in +network throughput on affected systems. And of course we are still +working on dashboard improvements so now the treasured picture widget +is back with a better integration approach. + +Also take note that the NTP default changes to "restrict noquery" so that +the system cannot externally be queried for revealing system internals +anymore unless explicitly allowed. + +The technical stuff out of the way we would simply like to add that we +had a great time at EuroBSDCon in Dublin over the weekend. Lots of good +and productive conversations. Looking forward to more of those! :) + +Here are the full patch notes: + +* system: update default dashboard layout and include the services widget +* system: render header for failed active widgets to allow identification and removal +* system: add ability for widget referral links +* system: cleaned up ACL definitions and use thereof +* system: add a picture widget +* system: default to vm.numa.disabled=1 +* system: handle log lines with no timestamp (contributed by Iain MacDonnell) +* system: use interface maps in system_routing_configure() and dpinger_configure_do() +* system: when only selecting TLS1.3 ciphers make sure to only allow 1.3 as well in web GUI +* system: move web GUI restart to newwanip_map / plugins_argument_map() use +* interfaces: move compatible event listeners to newwanip_map +* interfaces: decouple PPP configure/reset from IPv4/IPv6 modes +* interfaces: move legacy RFC2136 invoke to plugin hook +* interfaces: add "spoofmac" device option and enforce it +* interfaces: prevent CARP VIP removal when VHID group is in use by IP aliases +* interfaces: routing configuration on changed interfaces only during apply +* firmware: opnsense-update: support unescaped mirror input (contributed by Michael Gmelin) +* firmware: opnsense-verify: show repository priority while listing active repositories +* ipsec: convert to vpn_map event invoke and plugins_argument_map() use +* monit: fix undefined function error in CARP script +* network time: enable "restrict noquery" by default (contributed by doktornotor) +* openssh: port to plugins_argument_map() +* openvpn: validate "Auth Token Lifetime" to require a non-zero renegotiate time in instances +* openvpn: convert to vpn_map event invoke and plugins_argument_map() use +* wireguard: convert to vpn_map event invoke +* ui: refine cookie policies and make them explicit +* plugins: add plugins_argument_map() helper +* plugins: os-caddy 1.7.1 `[1] `__ +* src: bhyve: improve input validation in pci_xhci `[2] `__ +* src: libnv: correct the calculation of the size of the structure `[3] `__ +* src: ifnet: Remove if_getamcount() +* src: ifnet: Add handling for toggling IFF_ALLMULTI in ifhwioctl() +* src: ifconfig: Add an allmulti verb +* src: date: include old and new time in audit log +* src: bpf: Add IfAPI analogue for bpf_peers_present() +* src: pf: use AF_INET6 when comparing IPv6 addresses +* src: if_ovpn: ensure it is safe to modify the mbuf +* src: if_ovpn: declare our dependency on the crypto module +* ports: curl 8.10.0 `[4] `__ +* ports: dhcp6c 20240919 reintroduced fixed arc4random() usage +* ports: expat 2.6.3 `[5] `__ +* ports: libpfctl 0.13 +* ports: libxml 2.11.9 `[6] `__ +* ports: nss 3.104 `[7] `__ +* ports: python 3.11.10 `[8] `__ +* ports: sudo 1.9.16 `[9] `__ + + + -------------------------------------------------------------------------- 24.7.4 (September 12, 2024) --------------------------------------------------------------------------