changelogs

2026-05-28 04:02:12 -04:00 · 2024-09-14 18:24:03 +02:00 · 2024-09-14 18:24:03 +02:00 · f3b95c5646
commit f3b95c5646
parent 8657b71488
20 changed files with 114 additions and 37 deletions
--- a/source/CE_releases.rst
+++ b/source/CE_releases.rst
@ -8,7 +8,7 @@ Community Edition
    :width: 600px
    :align: center

-As of January 2015 there have been *291* releases leading to the latest version *24.7.3*
+As of January 2015 there have been *292* releases leading to the latest version *24.7.4*
 named "Thriving Tiger".


--- a/source/releases/BE_20.1.rst
+++ b/source/releases/BE_20.1.rst
@ -302,7 +302,7 @@ Here are the full patch notes:
 * ports: curl 7.69.1 `[15] <https://curl.se/changes.html#7_69_1>`__ 
 * ports: krb5 1.18 `[16] <https://web.mit.edu/kerberos/krb5-1.18/>`__ 
 * ports: openssh 8.2p1 `[17] <https://www.openssh.com/txt/release-8.2>`__ 
-* ports: openssl 1.1.1f `[18] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1f `[18] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: perl 5.30.2 `[19] <https://perldoc.perl.org/5.30.2/perldelta>`__ 
 * ports: php 7.2.29 `[20] <https://www.php.net/ChangeLog-7.php#7.2.29>`__ 
 * ports: python 3.7.7 `[21] <https://docs.python.org/release/3.7.7/whatsnew/changelog.html>`__ 
@ -580,7 +580,7 @@ Here are the full patch notes against 19.7.9_1:
 * plugins: os-zabbix-agent 1.7 `[3] <https://github.com/opnsense/plugins/pull/1578>`__  `[4] <https://github.com/opnsense/plugins/pull/1618>`__ 
 * ports: ca_root_nss 3.49.1
 * ports: curl 7.68.0 `[5] <https://curl.se/changes.html#7_68_0>`__ 
-* ports: openssl 1.1.1d `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1d `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 

 Known issues and limitations:

--- a/source/releases/BE_20.7.rst
+++ b/source/releases/BE_20.7.rst
@ -273,7 +273,7 @@ Here are the full patch notes:
 * ports: curl 7.73.0 `[3] <https://curl.se/changes.html#7_73_0>`__ 
 * ports: libxml fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
 * ports: nss 3.58 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_58.html>`__ 
-* ports: openssl 1.1.1h `[5] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1h `[5] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 7.3.23 `[6] <https://www.php.net/ChangeLog-7.php#7.3.23>`__ 
 * ports: pkg 1.15.10
 * ports: radvd patch for dynamic interface shifting index
--- a/source/releases/BE_21.10.rst
+++ b/source/releases/BE_21.10.rst
@ -55,7 +55,7 @@ Here are the full patch notes:
 * ports: hostapd 2.10 `[12] <https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog>`__ 
 * ports: lighttpd 1.4.63 `[13] <https://www.lighttpd.net/2021/12/4/1.4.63/>`__ 
 * ports: nss 3.74 `[14] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html>`__ 
-* ports: openssl 1.1.1m `[15] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1m `[15] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.5 `[16] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.5>`__ 
 * ports: php 7.4.27 `[17] <https://www.php.net/ChangeLog-7.php#7.4.27>`__ 
 * ports: sqlite 3.37.2 `[18] <https://sqlite.org/releaselog/3_37_2.html>`__ 
--- a/source/releases/BE_21.4.rst
+++ b/source/releases/BE_21.4.rst
@ -99,7 +99,7 @@ Here are the full patch notes:
 * ports: libxml 2.9.12 `[10] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
 * ports: nss 3.67 `[11] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_67.html>`__ 
 * ports: openldap 2.4.59 `[12] <https://www.openldap.org/software/release/changes.html>`__ 
-* ports: openssl 1.1.1l `[13] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1l `[13] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: pcre2 10.37 `[14] <https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.37>`__ 
 * ports: phalcon 4.1.2 `[15] <https://github.com/phalcon/cphalcon/releases/tag/v4.1.2>`__ 
 * ports: php 7.4.20 `[16] <https://www.php.net/ChangeLog-7.php#7.4.20>`__ 
@ -520,7 +520,7 @@ Here are the full patch notes:
 * ports: monit 5.27.2 `[32] <https://mmonit.com/monit/changes/>`__ 
 * ports: openldap 2.4.58 `[33] <https://www.openldap.org/software/release/changes.html>`__ 
 * ports: openssh fix for double free in ssh-agent `[34] <https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig>`__ 
-* ports: openssl 1.1.1k `[35] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1k `[35] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: perl 5.32.1 `[36] <https://perldoc.perl.org/5.32.1/perldelta>`__ 
 * ports: php 7.3.27 `[37] <https://www.php.net/ChangeLog-7.php#7.3.27>`__ 
 * ports: pkg now provides fallback for version mismatch on pkg-add
--- a/source/releases/BE_22.10.rst
+++ b/source/releases/BE_22.10.rst
@ -36,7 +36,7 @@ Here are the full patch notes:
 * src: fix sdhci broken write-protect settings `[4] <https://www.freebsd.org/security/advisories/FreeBSD-EN-23:02.sdhci.asc>`__ 
 * src: import tzdata 2022g `[5] <https://www.freebsd.org/security/advisories/FreeBSD-EN-23:01.tzdata.asc>`__ 
 * src: x86: ignore stepping for APL30 errata
-* ports: openssl 1.1.1t `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1t `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 

 A hotfix release was issued as 22.10.2_1:

@ -158,7 +158,7 @@ Here are the full patch notes:
 * ports: krb5 1.20.1 `[16] <https://web.mit.edu/kerberos/krb5-1.20/>`__ 
 * ports: libxml 2.10.3 `[17] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
 * ports: nss 3.87 `[18] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_87.html>`__ 
-* ports: openssl 1.1.1s `[19] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1s `[19] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.8 `[20] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.8>`__ 
 * ports: pcre 10.42 `[21] <https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.42>`__ 
 * ports: phalcon 5.1.4 `[22] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.4>`__ 
--- a/source/releases/BE_22.4.rst
+++ b/source/releases/BE_22.4.rst
@ -123,7 +123,7 @@ Here are the full patch notes:
 * ports: krb5 1.20 `[8] <https://web.mit.edu/kerberos/krb5-1.20/>`__ 
 * ports: lighttpd 1.4.65 `[9] <https://www.lighttpd.net/2022/6/7/1.4.65/>`__ 
 * ports: nss 3.79 `[10] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html>`__ 
-* ports: openssl 1.1.1q `[11] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1q `[11] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.7 `[12] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.7>`__ 
 * ports: php 7.4.30 `[13] <https://www.php.net/ChangeLog-7.php#7.4.30>`__ 
 * ports: py-certifi 2022.5.18.1
@ -493,7 +493,7 @@ Here are the full patch notes:
 * ports: monit 5.30.0 `[28] <https://mmonit.com/monit/changes/>`__ 
 * ports: nss 3.76 `[29] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html>`__ 
 * ports: openssh 8.9p1 `[30] <https://www.openssh.com/txt/release-8.9>`__ 
-* ports: openssl 1.1.1n `[31] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1n `[31] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.6 `[32] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.6>`__ 
 * ports: pcre / pcre2 enable JIT support
 * ports: pecl-psr 1.2.0 `[33] <https://pecl.php.net/package-changelog.php?package=psr&release=1.2.0>`__ 
@ -510,7 +510,7 @@ A hotfix release was issued as 22.4_2:
 * interfaces: include VIPS for primary IPv4 detection
 * mvc: prevent silent crashes in legacy XML attribute emulation
 * ports: curl 7.83.0 `[41] <https://curl.se/changes.html#7_83_0>`__ 
-* ports: openssl 1.1.1o `[42] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1o `[42] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 

 Known issues and limitations:

--- a/source/releases/BE_23.10.rst
+++ b/source/releases/BE_23.10.rst
@ -590,7 +590,7 @@ Here are the full patch notes:
 * ports: filterlog fix to prevent crash on default rule number -1
 * ports: nss 3.93 `[18] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html>`__ 
 * ports: openldap 2.6.6 `[19] <https://www.openldap.org/software/release/changes.html>`__ 
-* ports: openssl 1.1.1w `[20] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1w `[20] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.6.6 `[21] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.6>`__ 
 * ports: perl 5.34.1 `[22] <https://perldoc.perl.org/5.34.1/perldelta>`__ 
 * ports: phalcon 5.3.1 `[23] <https://github.com/phalcon/cphalcon/releases/tag/v5.3.1>`__ 
--- a/source/releases/BE_23.4.rst
+++ b/source/releases/BE_23.4.rst
@ -100,7 +100,7 @@ Here are the full patch notes:
 * ports: nss 3.90 `[9] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html>`__ 
 * ports: ntp 4.2.8p17 `[10] <https://www.ntp.org/support/securitynotice/>`__ 
 * ports: openssh 9.3p2 `[11] <https://www.openssh.com/txt/release-9.3p2>`__ 
-* ports: openssl 1.1.1v `[12] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1v `[12] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.6.5 `[13] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.5>`__ 
 * ports: phalcon 5.2.2 `[14] <https://github.com/phalcon/cphalcon/releases/tag/v5.2.2>`__ 
 * ports: php 8.1.20 `[15] <https://www.php.net/ChangeLog-8.php#8.1.20>`__ 
--- a/source/releases/BE_24.4.rst
+++ b/source/releases/BE_24.4.rst
@ -156,7 +156,7 @@ Here are the full patch notes:
 * ports: libxml 2.11.8 `[8] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
 * ports: lighttpd 1.4.76 `[9] <https://www.lighttpd.net/2024/4/12/1.4.76/>`__ 
 * ports: ntp 4.2.8p18 `[10] <https://www.ntp.org/support/securitynotice/4_2_8-series-changelog/#428p18>`__ 
-* ports: openssl 3.0.14 `[11] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.14 `[11] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: pecl-mcrypt 1.0.7
 * ports: phalcon 5.7.0 `[12] <https://github.com/phalcon/cphalcon/releases/tag/v5.7.0>`__ 
 * ports: php 8.2.19 `[13] <https://www.php.net/ChangeLog-8.php#8.2.19>`__ 
@ -410,7 +410,7 @@ Here are the full patch notes:
 * ports: nss 3.99 `[22] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_99.html>`__ 
 * ports: openldap 2.6.7 `[23] <https://www.openldap.org/software/release/changes.html>`__ 
 * ports: openssh-portable 9.7p1 `[24] <https://www.openssh.com/txt/release-9.7>`__ 
-* ports: openssl 3.0.13 `[25] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.13 `[25] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openssl fix for CVE-2024-2511 `[26] <https://github.com/freebsd/freebsd-ports/commit/3d9fc064b7>`__ 
 * ports: openvpn 2.6.10 `[27] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.10>`__ 
 * ports: pcre2 10.43 `[28] <https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.43>`__ 
--- a/source/releases/CE_20.1.rst
+++ b/source/releases/CE_20.1.rst
@ -302,7 +302,7 @@ Here are the full patch notes:
 * ports: curl 7.69.1 `[15] <https://curl.se/changes.html#7_69_1>`__ 
 * ports: krb5 1.18 `[16] <https://web.mit.edu/kerberos/krb5-1.18/>`__ 
 * ports: openssh 8.2p1 `[17] <https://www.openssh.com/txt/release-8.2>`__ 
-* ports: openssl 1.1.1f `[18] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1f `[18] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: perl 5.30.2 `[19] <https://perldoc.perl.org/5.30.2/perldelta>`__ 
 * ports: php 7.2.29 `[20] <https://www.php.net/ChangeLog-7.php#7.2.29>`__ 
 * ports: python 3.7.7 `[21] <https://docs.python.org/release/3.7.7/whatsnew/changelog.html>`__ 
@ -580,7 +580,7 @@ Here are the full patch notes against 19.7.9_1:
 * plugins: os-zabbix-agent 1.7 `[3] <https://github.com/opnsense/plugins/pull/1578>`__  `[4] <https://github.com/opnsense/plugins/pull/1618>`__ 
 * ports: ca_root_nss 3.49.1
 * ports: curl 7.68.0 `[5] <https://curl.se/changes.html#7_68_0>`__ 
-* ports: openssl 1.1.1d `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1d `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 

 Known issues and limitations:

--- a/source/releases/CE_20.7.rst
+++ b/source/releases/CE_20.7.rst
@ -273,7 +273,7 @@ Here are the full patch notes:
 * ports: curl 7.73.0 `[3] <https://curl.se/changes.html#7_73_0>`__ 
 * ports: libxml fixes for CVE-2019-20388, CVE-2020-7595 and CVE-2020-24977
 * ports: nss 3.58 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_58.html>`__ 
-* ports: openssl 1.1.1h `[5] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1h `[5] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 7.3.23 `[6] <https://www.php.net/ChangeLog-7.php#7.3.23>`__ 
 * ports: pkg 1.15.10
 * ports: radvd patch for dynamic interface shifting index
--- a/source/releases/CE_21.1.rst
+++ b/source/releases/CE_21.1.rst
@ -424,7 +424,7 @@ Here are the full patch notes:
 * ports: libressl 3.2.5 `[8] <https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt>`__ 
 * ports: openldap 2.4.58 `[9] <https://www.openldap.org/software/release/changes.html>`__ 
 * ports: openssh fix for double free in ssh-agent `[10] <https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig>`__ 
-* ports: openssl 1.1.1k `[11] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1k `[11] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: sudo 1.9.6p1 `[12] <https://www.sudo.ws/stable.html#1.9.6p1>`__ 
 * ports: suricata 5.0.6 `[13] <https://suricata-ids.org/2021/03/02/suricata-6-0-2-and-5-0-6-released/>`__ 
 * ports: syslog-ng 3.31.2 `[14] <https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.31.2>`__ 
@ -553,7 +553,7 @@ Here are the full patch notes:
 * plugins: os-theme-vicuna 1.3 (contributed by Team Rebellion)
 * ports: curl 7.75.0 `[4] <https://curl.se/changes.html#7_75_0>`__ 
 * ports: libressl 3.2.4 `[5] <https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.4-relnotes.txt>`__ 
-* ports: openssl 1.1.1j `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1j `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 7.3.27 `[7] <https://www.php.net/ChangeLog-7.php#7.3.27>`__ 
 * ports: squid 4.14 `[8] <http://www.squid-cache.org/Versions/v4/squid-4.14-RELEASENOTES.html>`__ 
 * ports: unbound 1.13.1 `[9] <https://nlnetlabs.nl/projects/unbound/download/#unbound-1-13-1>`__ 
--- a/source/releases/CE_21.7.rst
+++ b/source/releases/CE_21.7.rst
@ -77,7 +77,7 @@ Here are the full patch notes:
 * ports: hostapd 2.10 `[12] <https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog>`__ 
 * ports: lighttpd 1.4.63 `[13] <https://www.lighttpd.net/2021/12/4/1.4.63/>`__ 
 * ports: nss 3.74 `[14] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html>`__ 
-* ports: openssl 1.1.1m `[15] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1m `[15] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.5 `[16] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.5>`__ 
 * ports: php 7.4.27 `[17] <https://www.php.net/ChangeLog-7.php#7.4.27>`__ 
 * ports: sqlite 3.37.2 `[18] <https://sqlite.org/releaselog/3_37_2.html>`__ 
@ -480,7 +480,7 @@ Here are the full patch notes:
 * ports: nss 3.69 `[9] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69.html>`__ 
 * ports: monit 5.29.0 `[10] <https://mmonit.com/monit/changes/>`__ 
 * ports: mpd5 adds L2TP interoperability fix from upstream
-* ports: openssl 1.1.1l `[11] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1l `[11] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 7.4.23 `[12] <https://www.php.net/ChangeLog-7.php#7.4.23>`__ 
 * ports: strongswan 5.9.3 `[13] <https://github.com/strongswan/strongswan/releases/tag/5.9.3>`__ 
 * ports: sudo 1.9.7p2 `[14] <https://www.sudo.ws/stable.html#1.9.7p2>`__ 
--- a/source/releases/CE_22.1.rst
+++ b/source/releases/CE_22.1.rst
@ -74,7 +74,7 @@ Here are the full patch notes:
 * plugins: os-telegraf 1.12.5 `[3] <https://github.com/opnsense/plugins/blob/stable/22.1/net-mgmt/telegraf/pkg-descr>`__ 
 * ports: curl 7.84.0 `[4] <https://curl.se/changes.html#7_84_0>`__ 
 * ports: nss 3.80 `[5] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_80.html>`__ 
-* ports: openssl 1.1.1q `[6] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1q `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: phalcon 5.0.0RC2 `[7] <https://github.com/phalcon/cphalcon/releases/tag/v5.0.0RC2>`__ 
 * ports: py-vici 5.9.3
 * ports: python 3.9.13 `[8] <https://docs.python.org/release/3.9.13/whatsnew/changelog.html>`__ 
@ -239,7 +239,7 @@ Here are the full patch notes:
 * plugins: os-zabbix-proxy 1.8 `[6] <https://github.com/opnsense/plugins/blob/stable/22.1/net-mgmt/zabbix-proxy/pkg-descr>`__ 
 * ports: curl 7.83.0 `[7] <https://curl.se/changes.html#7_83_0>`__ 
 * ports: nss 3.78 `[8] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html>`__ 
-* ports: openssl 1.1.1o `[9] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1o `[9] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: pcre2 10.40 `[10] <https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.40>`__ 
 * ports: php 7.4.29 `[11] <https://www.php.net/ChangeLog-7.php#7.4.29>`__ 
 * ports: pkg 1.17.5 `[12] <https://github.com/freebsd/freebsd-ports/commit/18793d10585f>`__ 
@ -371,7 +371,7 @@ Here are the full patch notes:
 * src: debugnet: remove spurious message on boot
 * ports: ca_root_nss fix for faulty upstream file linking
 * ports: libressl 3.3.6 `[4] <https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.6-relnotes.txt>`__ 
-* ports: openssl 1.1.1n `[5] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1n `[5] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.6 `[6] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.6>`__ 

 A hotfix release was issued as 22.1.4_1:
@ -770,7 +770,7 @@ Here are the full patch notes against version 21.7.7:
 * ports: hostapd 2.10 `[15] <https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog>`__ 
 * ports: lighttpd 1.4.63 `[16] <https://www.lighttpd.net/2021/12/4/1.4.63/>`__ 
 * ports: nss 3.74 `[17] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html>`__ 
-* ports: openssl 1.1.1m `[18] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1m `[18] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.5 `[19] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.5>`__ 
 * ports: pecl-psr 1.2.0 `[20] <https://pecl.php.net/package-changelog.php?package=psr&release=1.2.0>`__ 
 * ports: phalcon 4.1.3 `[21] <https://github.com/phalcon/cphalcon/releases/tag/v4.1.3>`__ 
@ -1007,7 +1007,7 @@ Here are the full patch notes against 21.7.7:
 * ports: flock 2.37.2
 * ports: lighttpd 1.4.63 `[13] <https://www.lighttpd.net/2021/12/4/1.4.63/>`__ 
 * ports: nss 3.73.1 `[14] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_73_1.html>`__ 
-* ports: openssl 1.1.1m `[15] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1m `[15] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.5 `[16] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.5>`__ 
 * ports: phalcon 4.1.3 `[17] <https://github.com/phalcon/cphalcon/releases/tag/v4.1.3>`__ 
 * ports: php 7.4.27 `[18] <https://www.php.net/ChangeLog-7.php#7.4.27>`__ 
--- a/source/releases/CE_22.7.rst
+++ b/source/releases/CE_22.7.rst
@ -281,7 +281,7 @@ Here are the full patch notes:
 * src: u3g: add more USB IDs
 * ports: libxml 2.10.3 `[15] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
 * ports: nss 3.84 `[16] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html>`__ 
-* ports: openssl 1.1.1s `[17] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1s `[17] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.5.8 `[18] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25#Changesin2.5.8>`__ 
 * ports: phalcon 5.1.0 `[19] <https://github.com/phalcon/cphalcon/releases/tag/v5.1.0>`__ 
 * ports: php 8.0.25 `[20] <https://www.php.net/ChangeLog-8.php#8.0.25>`__ 
--- a/source/releases/CE_23.1.rst
+++ b/source/releases/CE_23.1.rst
@ -123,7 +123,7 @@ Here are the full patch notes:
 * ports: krb5 1.21 `[4] <https://web.mit.edu/kerberos/krb5-1.21/>`__ 
 * ports: nss 3.90 `[5] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90.html>`__ 
 * ports: ntp 4.2.8p17 `[6] <https://www.ntp.org/support/securitynotice/>`__ 
-* ports: openssl 1.1.1u `[7] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1u `[7] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: openvpn 2.6.5 `[8] <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26#Changesin2.6.5>`__ 
 * ports: phalcon 5.2.2 `[9] <https://github.com/phalcon/cphalcon/releases/tag/v5.2.2>`__ 
 * ports: php 8.1.20 `[10] <https://www.php.net/ChangeLog-8.php#8.1.20>`__ 
@ -662,7 +662,7 @@ Here are the full patch notes:
 * ports: dpinger 3.3 `[9] <https://github.com/dennypage/dpinger/releases/tag/v3.3>`__ 
 * ports: lighttpd 1.4.68 `[10] <https://www.lighttpd.net/2023/1/3/1.4.68/>`__ 
 * ports: openssh 9.1p1 `[11] <https://www.openssh.com/txt/release-9.1>`__ 
-* ports: openssl 1.1.1t `[12] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1t `[12] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 8.1.15 `[13] <https://www.php.net/ChangeLog-8.php#8.1.15>`__ 

 A hotfix release was issued as 23.1.1_2:
--- a/source/releases/CE_23.7.rst
+++ b/source/releases/CE_23.7.rst
@ -568,7 +568,7 @@ Here are the full patch notes:
 * plugins: os-tinc adds missing subnet-down script (contributed by andrewhotlab)
 * ports: curl 8.3.0 `[1] <https://curl.se/changes.html#8_3_0>`__ 
 * ports: nss 3.93 `[2] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html>`__ 
-* ports: openssl 1.1.1w `[3] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1w `[3] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: phalcon 5.3.1 `[4] <https://github.com/phalcon/cphalcon/releases/tag/v5.3.1>`__ 
 * ports: phpseclib 3.0.23 `[5] <https://github.com/phpseclib/phpseclib/releases/tag/3.0.23>`__ 
 * ports: sqlite 3.43.1 `[6] <https://sqlite.org/releaselog/3_43_1.html>`__ 
@ -789,7 +789,7 @@ Here are the full patch notes:
 * ports: curl 8.2.1 `[5] <https://curl.se/changes.html#8_2_1>`__ 
 * ports: dnspython 2.4.1
 * ports: nss 3.92 `[6] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_92.html>`__ 
-* ports: openssl 1.1.1v `[7] <https://www.openssl.org/news/openssl-1.1.1-notes.html>`__ 
+* ports: openssl 1.1.1v `[7] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: perl 5.34.1 `[8] <https://perldoc.perl.org/5.34.1/perldelta>`__ 
 * ports: strongswan 5.9.11 `[9] <https://github.com/strongswan/strongswan/releases/tag/5.9.11>`__ 
 * ports: syslog-ng 4.3.1 `[10] <https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.3.1>`__ 
--- a/source/releases/CE_24.1.rst
+++ b/source/releases/CE_24.1.rst
@ -121,7 +121,7 @@ Here are the full patch notes:
 * ports: dhcp6c 20240607 additions for WAN tracking, interface ID specification, etc.
 * ports: nss 3.100 `[3] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_100.html>`__ 
 * ports: openldap 2.6.8 `[4] <https://www.openldap.org/software/release/changes.html>`__ 
-* ports: openssl 3.0.14 `[5] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.14 `[5] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 8.2.20 `[6] <https://www.php.net/ChangeLog-8.php#8.2.20>`__ 
 * ports: py-duckdb 1.0.0 `[7] <https://github.com/duckdb/duckdb/releases/tag/v1.0.0>`__ 
 * ports: py-netaddr 1.3.0 `[8] <https://netaddr.readthedocs.io/en/latest/changes.html#release-1-3-0>`__ 
@ -600,7 +600,7 @@ Here are the full patch notes:
 * plugins: os-tor 1.10 adds MyFamily support (contributed by Mike Bishop)
 * ports: nss 3.97 `[4] <https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html>`__ 
 * ports: openldap 2.6.7 `[5] <https://www.openldap.org/software/release/changes.html>`__ 
-* ports: openssl 3.0.13 `[6] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.13 `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: syslog-ng 4.6.0 `[7] <https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.6.0>`__ 


@ -708,7 +708,7 @@ Here are the full patch notes against 23.7.12:
 * src: sys: Use mbufq_empty instead of comparing mbufq_len against 0
 * src: e1000/igc: remove disconnected sysctl
 * ports: libxml 2.11.6 `[5] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
-* ports: openssl 3.0.12 `[6] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.12 `[6] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: php 8.2.15 `[7] <https://www.php.net/ChangeLog-8.php#8.2.15>`__ 
 * ports: py-duckdb 0.9.2
 * ports: sqlite 3.45.0 `[8] <https://sqlite.org/releaselog/3_45_0.html>`__ 
@ -832,7 +832,7 @@ Here are the full patch notes against 23.7.12:
 * src: tuntap: merge assorted stable changes
 * src: wireguard: add netmap support
 * ports: libxml 2.11.6 `[2] <https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS>`__ 
-* ports: openssl 3.0.12 `[3] <https://www.openssl.org/news/cl30.txt>`__ 
+* ports: openssl 3.0.12 `[3] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
 * ports: py-duckdb 0.9.2
 * ports: suricata 7.0.2 `[4] <https://forum.suricata.io/t/suricata-7-0-2-released/4069>`__ 

--- a/source/releases/CE_24.7.rst
+++ b/source/releases/CE_24.7.rst
@ -30,6 +30,83 @@ can be found below as well.
 * Full mirror list: https://opnsense.org/download/


+--------------------------------------------------------------------------
+24.7.4 (September 12, 2024)
+--------------------------------------------------------------------------
+
+
+Since we are currently having a vivid discussion about what constitutes
+a downstream or upstream issue in the FreeBSD scope we will revert the
+FreeBSD-SA-24:05.pf advisory until further notice.  As confirmed by many
+users this brings ICMPv6 and therefore IPv6 back to an uneventful stable
+state.  We will be trying to work with FreeBSD on the issue as it seems
+unavoidable that we meet it again when working on FreeBSD 14.2 inclusion.
+
+In other IPv6 news we found a strange regression in dhcp6c introduced in
+24.7.2 and reverted the offending commits for now.  What this tells us,
+though, is that we did uncover an inherent issue with the timeout value
+generation that may be present since two decades in the code at least.
+
+Apart from smaller fixes for the dashboard, trust pages, this update
+also ships the first backwards-compatible PPP rework patch.  The ultimate
+goal here is to offer IPv6-only connectivity which requires untangling
+old code to be IP family agnostic.  Should you note any change in behaviour
+please do not hesitate to contact us.
+
+BTW, the roadmap for 25.1 has been decided and will be published soon.
+
+Here are the full patch notes:
+
+* system: recover stuck monitors and offer a cron job
+* system: use built-in controller logic for JSON decoding on dashboard
+* system: map derivative field cert_type to expose purpose to the UI
+* system: handle stale "pfsyncinterfaces" and improve workflow
+* system: tweak the boot detection for code minimalism
+* system: do not save x/y widget coordinates on smaller screens
+* system: fix CARP widget on invalid CARP configuration
+* system: fix storing private key when creating a CSR
+* reporting: remove nonexistent 3G statistics
+* interfaces: force regeneration of link-local on spoofed MAC
+* interfaces: add proper validation for 6RD and 6to4
+* interfaces: add new "vpn_map" event to deprecate "vpn"
+* interfaces: unify PPP linkup/linkdown scripting
+* interfaces: replace "newwanip" from interface apply with "early"
+* interfaces: move IPv6 over IPv4 connectivity to a separate script
+* interfaces: port VXLAN to newwanip_map event
+* firewall: replace filter_(un)lock() with a FileObject lock
+* isc-dhcp: allow to disable a DHCPv6 server with faulty settings
+* firmware: remove auto-retry from fetch invokes
+* firmware: allow auto-configure patching via full URL
+* firmware: automatically handle most plugin conflicts
+* openssh: convert to newwanip_map and rework the code
+* openvpn: add username field to the status page
+* openvpn: add close-on-exec flag to service lock file
+* unbound: add discard-timeout (contributed by Nigel Jones)
+* wireguard: fix widget display with public key reuse
+* wireguard: add close-on-exec flag to service lock file
+* ui: allow style tag on headers
+* plugins: os-helloworld 1.4
+* plugins: os-caddy 1.7.0 `[1] <https://github.com/opnsense/plugins/blob/stable/24.7/www/caddy/pkg-descr>`__ 
+* src: revert FreeBSD-SA-24:05.pf until further notice to restore proper IPv6 behaviour `[2] <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701>`__ 
+* src: agp: Set the driver-specific field correctly
+* src: cron(8) / periodic(8) session login `[3] <https://www.freebsd.org/security/advisories/FreeBSD-EN-24:15.calendar.asc>`__ 
+* src: multiple vulnerabilities in libnv `[4] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc>`__ 
+* src: bhyve(8) privileged guest escape via TPM device passthrough `[5] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc>`__ 
+* src: multiple issues in ctl(4) CAM target layer `[6] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc>`__ 
+* src: bhyve(8) privileged guest escape via USB controller `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc>`__ 
+* src: possible DoS in X.509 name checks in OpenSSL `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc>`__ 
+* src: umtx kernel panic or use-after-free `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc>`__ 
+* src: revert "ixl: fix multicast filters handling" `[10] <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125>`__ 
+* ports: dhcp6c 20240907 for now reverts instability regression in random number handling
+* ports: openssl 3.0.15 `[11] <https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md>`__ 
+* ports: php 8.2.23 `[12] <https://www.php.net/ChangeLog-8.php#8.2.23>`__ 
+
+A hotfix release was issued as 24.7.4_1:
+
+* interfaces: fix PPP regression of empty gateway default
+
+
+
 --------------------------------------------------------------------------
 24.7.3 (August 29, 2024)
 --------------------------------------------------------------------------