Software Update: OPNsense 20.7.6

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 20.7.6 with the following announcement:

OPNsense 20.7.6 released

This update brings the usual mix of reliability fixes, plugin and third party software updates: FreeBSD, HardenedBSD, PHP, OpenSSH, StrongSwan, Suricata and Syslog-ng amongst others. Please note that Let’s Encrypt users need to reissue their certificates manually after upgrading to this version to fix the embedded certificate chain issue with the current signing CA switch going on. The mail backup plugin is currently not available pending a response from the maintainer. Users are advised to avoid using it for the moment.

Here are the full patch notes:

  • system: no longer enforce alias names in gateways
  • system: add “step into” icon on log lines when filtering
  • system: add current CPU load progress bar (contributed by kulikov-a)
  • firewall: allow larger selection in live log
  • firewall: correctly select current IPv6 field in getInterfaceGateway()
  • firewall: add validation for ipv6-icmp combined with inet
  • reporting: traffic graph replacement using iftop
  • openvpn: calculate first network address as gateway address when only ifconfig_local is given
  • web proxy: throw startup error to user
  • plugins: os-acme-client 2.1
  • plugins: os-frr 1.19
  • plugins: os-mail-backup not available due to unaddressed security concerns
  • src: fix parsing of netmap legacy nmr->nr_ringid
  • src: fix mutex double unlock bug in netmap
  • src: minor misc netmap improvements
  • src: improve netmap(4) and vale(4) man pages
  • src: IPV6_PKTINFO support for v4-mapped IPv6 sockets
  • src: zero-initialize variables in HBSD PaX SEGVGUARD
  • src: fix execve/fexecve system call auditing
  • src: fix uninitialized variable in ipfw
  • src: fix race condition in callout CPU migration
  • src: fix ICMPv6 use-after-free in error message handling
  • src: fix multiple vulnerabilities in rtsold
  • src: update timezone database information
  • ports: krb5 1.18.3
  • ports: nss 3.59
  • ports: openldap 2.4.56
  • ports: openssh 8.4p1
  • ports: php 7.3.25
  • ports: strongswan 5.9.1
  • ports: suricata 5.0.5
  • ports: syslog-ng 3.30.1

Version number 20.7.6
Release status Final
Operating systems Linux, BSD
Website OPNsense
Download https://opnsense.org/download/
License type Conditions (GNU/BSD/etc.)
Comments
Loading...