diff --git a/source/CE_releases.rst b/source/CE_releases.rst index ee073842..6707bdfa 100644 --- a/source/CE_releases.rst +++ b/source/CE_releases.rst @@ -8,7 +8,7 @@ Community Edition :width: 600px :align: center -As of January 2015 there have been *245* releases leading to the latest version *23.1* +As of January 2015 there have been *246* releases leading to the latest version *23.1.1* named "Quintessential Quail". diff --git a/source/releases/CE_23.1.rst b/source/releases/CE_23.1.rst index 34563824..b8b3dda3 100644 --- a/source/releases/CE_23.1.rst +++ b/source/releases/CE_23.1.rst 
@@ -29,6 +29,99 @@ can be found below as well. * Full mirror list: https://opnsense.org/download/ +-------------------------------------------------------------------------- +23.1.1 (February 15, 2023) +-------------------------------------------------------------------------- + + +Apart from security updates for operating system and third party software +this mainly fixes issues with the initial 23.1 release. IPsec and Unbound +components in particular receive a number of improvements being the more +prominent areas of work for this series. Unbound also gained a SafeSearch +option and the new reporting database CPU usage should be much lower and +easier to use. + +Overall we are happy with how the major release turned out and look forward +to further fixes in e.g. Netmap framework including Suricata changes for +multi-threading support which has been in the works for a long time. OpenVPN +2.6 update and related changes are also pending at the moment. + +The roadmap for 23.7 will be published soon and will again include a number +of MVC/API conversions for static components. Statistics do indicate that we +are over 60% done with converting the code base to a modern framework as +compared to early 2015 which is now already over 8 years ago! 
+ +Here are the full patch notes: + +* system: replace single exec_command() with new shell_safe() wrapper +* system: fix assorted PHP 8.2 deprecation notes +* system: remove overreaching "Reconfigure a plugin facility" cron job and backend command that has no visible users +* interfaces: fix VLAN rename after protocol addition in 23.1 +* interfaces: fix VLAN missing a config lock on delete +* interfaces: make description field show for all types of VIP (contributed by FingerlessGloves) +* interfaces: allow VHID reuse as it was before 23.1 +* firewall: prevent possible infinite loop in alias parsing (contributed by kulikov-a) +* firewall: do not calculate local port range for alias (contributed by kulikov-a) +* firewall: update validation of alias names to be slightly more restrictive +* firewall: safeguard download_geolite() and log errors +* firewall: do not switch gateway on bootup +* captive portal: enforce a database repair during operation if necessary +* firmware: move single-call function reporter page +* intrusion detection: properly reset metadata response when no metadata is found +* ipsec: allow "@" character in eap_id fields for new connections +* ipsec: missing remapping pool UUID to name for new connections +* ipsec: change status column sizing and hide local/remote auth by default +* ipsec: fix username parsing in lease status +* ipsec: refactor widget to use new data format +* ipsec: migrate duplicated cron job +* ipsec: faulty unique constraint in pre-shared keys +* ipsec: fix eap_id placement for eap-mschapv2 +* unbound: simplify logger logic for required queries +* unbound: add SafeSearch option to blocklists +* unbound: match white/blocklist action exactly from reporting page +* unbound: always prioritize whitelists over blocklists +* unbound: various UX improvements in reporting page +* unbound: add serve-expired, log-servfail, log-local-actions and val-log-level advanced settings +* unbound: drop unnecessary index from reporting database and 
other optimizations to lower CPU usage +* unbound: add HTTPS record type to reporting +* unbound: remember reporting page logarithmic setting +* unbound: missing global so that cache is never flushed when requested +* mvc: cleanse $record input in searchRecordsetBase() before usage +* plugins: os-haproxy 4.1 `[1] `__ +* plugins: os-openconnect 1.4.4 `[2] `__ +* plugins: os-qemu-guest-agent 1.2 `[3] `__ +* plugins: os-tayga fixes MVC interface registration +* plugins: os-wireguard fixes MVC interface registration +* src: geli: split the initalization of HMAC `[4] `__ +* src: fix ena driver crash after reset in 7th gen AWS instance types `[5] `__ +* src: fix sdhci broken write-protect settings `[6] `__ +* src: import tzdata 2022g `[7] `__ +* src: ipsec: clear pad bytes in PF_KEY messages +* src: fib_algo: set vnet when destroying algo instance +* src: if_ipsec: handle situations where there are no policy or SADB entry for if +* src: if_ipsec: protect against user supplying unknown address family +* src: if_me: use dedicated network privilege +* src: vxlan: add support for socket ioctls SIOC[SG]TUNFIB +* src: introduce and use the NET_EPOCH_DRAIN_CALLBACKS() macro +* src: iflib: Add null check to iflib_stop() +* src: x86: ignore stepping for APL30 errata +* src: pfctl: rule.label is a two-dimensional array +* src: pf: fix syncookies in conjunction with tcp fast port reuse +* src: pf: fix panic on deferred packets +* src: ipfw: Add missing 'va' code point name +* src: netmap: try to count packet drops in emulated mode +* src: netmap: fix a queue length check in the generic port rx path +* src: netmap: tell the compiler to avoid reloading ring indices +* ports: remove GnuTLS workarounds from ports previously required for LibreSSL +* ports: dnsmasq 2.89 `[8] `__ +* ports: dpinger 3.3 `[9] `__ +* ports: lighttpd 1.4.68 `[10] `__ +* ports: openssh-portable 9.1p1 `[11] `__ +* ports: openssl 1.1.1t `[12] `__ +* ports: php 8.1.15 `[13] `__ + + + 
-------------------------------------------------------------------------- 23.1 (January 26, 2023) --------------------------------------------------------------------------
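
Review bot: In the source/CE_releases.rst hunk, the changed sentence still opens with "As of January 2015" while its count now runs up to 23.1.1, which the other file in this patch dates to February 15, 2023. The wording reads as if the count were a 2015 snapshot. Since the line is being touched anyway, "Since January 2015 there have been *246* releases" would say what is meant.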
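
Review bot: In the 23.1.1 section added to source/releases/CE_23.1.rst, the intro promises "security updates for operating system and third party software", but nothing in the patch notes marks which entries those are, so a reader triaging the update cannot tell a security fix from a routine version bump. Consider marking the relevant src/ports entries, and saying whether "system: replace single exec_command() with new shell_safe() wrapper" and "mvc: cleanse $record input in searchRecordsetBase() before usage" are hardening or fixes for a reachable issue. Two wording points in the same list: "unbound: missing global so that cache is never flushed when requested" reads as though never flushing is the intended result, so something like "fix missing global that prevented the cache from being flushed when requested" would be clearer, and "initalization" in the geli entry should be "initialization". In the intro, "the new reporting database CPU usage should be much lower and easier to use" joins two different subjects and would read better split into CPU usage being lower and the reporting page being easier to use.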