From 83afe06e46132d64a7b55757d4298b85cd27cc09 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 20 Feb 2023 15:58:19 +0100
Subject: [PATCH] changelogs

---
 source/releases/BE_22.10.rst | 24 ++++++++++++++++++++++++
 source/releases/CE_23.1.rst  | 12 +++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/source/releases/BE_22.10.rst b/source/releases/BE_22.10.rst
index 3e313d32..32d83dcc 100644
--- a/source/releases/BE_22.10.rst
+++ b/source/releases/BE_22.10.rst
@@ -16,6 +16,30 @@ the images can be found below as well.
 https://downloads.opnsense.com/
 
 
+--------------------------------------------------------------------------
+22.10.2 (February 20, 2023)
+--------------------------------------------------------------------------
+
+This business release is based on the OPNsense 22.7.11 community version
+with additional reliability improvements.
+
+Here are the full patch notes:
+
+* interfaces: fix VLAN missing a config lock on delete
+* firewall: do not switch gateway on bootup
+* intrusion detection: properly reset metadata response when no metadata is found
+* unbound: missing global so that cache is never flushed when requested
+* mvc: cleanse $record input in searchRecordsetBase() before usage
+* src: fix multiple OpenSSL vulnerabilities `[1] <FREEBSD:FreeBSD-SA-23:03.openssl>`__ 
+* src: geli: split the initalization of HMAC `[2] <FREEBSD:FreeBSD-SA-23:01.geli>`__ 
+* src: fix ena driver crash after reset in 7th gen AWS instance types `[3] <FREEBSD:FreeBSD-EN-23:03.ena>`__ 
+* src: fix sdhci broken write-protect settings `[4] <FREEBSD:FreeBSD-EN-23:02.sdhci>`__ 
+* src: import tzdata 2022g `[5] <FREEBSD:FreeBSD-EN-23:01.tzdata>`__ 
+* src: x86: ignore stepping for APL30 errata
+* ports: openssl 1.1.1t `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+
+
+
 --------------------------------------------------------------------------
 22.10.1 (February 01, 2023)
 --------------------------------------------------------------------------
diff --git a/source/releases/CE_23.1.rst b/source/releases/CE_23.1.rst
index b8b3dda3..d0b20bec 100644
--- a/source/releases/CE_23.1.rst
+++ b/source/releases/CE_23.1.rst
@@ -54,7 +54,7 @@ compared to early 2015 which is now already over 8 years ago!
 Here are the full patch notes:
 
 * system: replace single exec_command() with new shell_safe() wrapper
-* system: fix assorted PHP 8.2 deprecation notes
+* system: fix assorted PHP 8.1 deprecation notes
 * system: remove overreaching "Reconfigure a plugin facility" cron job and backend command that has no visible users
 * interfaces: fix VLAN rename after protocol addition in 23.1
 * interfaces: fix VLAN missing a config lock on delete
@@ -120,6 +120,16 @@ Here are the full patch notes:
 * ports: openssl 1.1.1t `[12] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
 * ports: php 8.1.15 `[13] <https://www.php.net/ChangeLog-8.php#8.1.15>`__ 
 
+A hotfix release was issued as 23.1.1_2:
+
+* captive portal: remove mod_evasion use which was discontinued by lighttpd
+* unbound: wait for pipe in logger (contributed by kulikov-a)
+
+Rate limiting was removed from the captive portal which was set to 250
+connections by the same IP to the captive portal itself.  This can be
+easily replaced by a manual firewall rule with advanced options set, e.g.
+"Max established" set to 250 with destination "This Firewall".
+
 
 
 --------------------------------------------------------------------------