Software Update: OPNsense 22.7.3

Spread the love

The OPNsense package is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be fully configured via a web interface and includes support for 2fa, openvpn, ipsec, carp and captive portal. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 22.7.3 and this version is accompanied by the following notes:

OPNsense 22.7.3 released

Pick up the new FreeBSD security advisories while also introducing assorted reliability improvements. CRL now works again for elliptic curve with the adoption of version 3 of phpseclib. Wireless handling was improved due to PHP 8 errors and coding style issues. It is also the subject of further work for 23.1.

Here are the full patch notes:

  • system: migrate CRL handling to phpseclib version 3
  • system: run monitor reload inside system_routing_configure()
  • system: fix IPv6 link-local HTTP_REFERER check (contributed by Maurice Walker)
  • system: fix assorted PHP 8 warnings in the codebase
  • system: extend nameservers script return for debugging purposes, ie “configctl system list nameservers debug”
  • system: lighttpd obsoletion of server directive listing, disabled by default
  • system: decode stored CRL data before display (contributed by kulikov-a)
  • interfaces: update link-local matching pattern
  • interfaces: PPP is an exception, only created after interface configuration
  • interfaces: only remove known primary addresses in interface_bring_down()
  • interfaces: improve shell banner address return in prefix-only IPv6 case
  • interfaces: improve problematic node handling
  • interfaces: DHCP does not signal RELEASE
  • interfaces: web GUI locale sorts files differently when invoking ifctl
  • interfaces: improve legacy_interface_listget()
  • interfaces: only parse actual options in legacy_interfaces_details(), not nd6 options
  • firewall: implement a router file read fallback for new ifctl :slaac suffix
  • firewall: stick-address only in effect with pool option and multiple routers
  • firewall: remove dead pptpd server code
  • captive portal: lighttpd deprecation of legacy SSL options, disabled by default
  • dhcp: allow rapid-commit message exchange in IPv6 server (contributed by Maurice Walker)
  • firmware: major upgrade “pkgs” set was still unknown to plugin sync
  • intrusion detection: fix enable rule button and present active detail overwrite if present
  • ipsec: fixed widget link (contributed by Patrik Kernstock)
  • unbound: improve FQDN handling when address is moving in DHCP watcher
  • unbound: prevent DNS rebinding check and DNSSEC validation on explicit forwarded domains
  • unbound: restrict creation of PTR records for both the system domain and host overrides
  • unbound: add AAAA-only mode (contributed by Maurice Walker)
  • lang: fix syntax errors in French translation (contributed by kulikov-a)
  • ui: fix type cast issue in Bootgrid
  • plugins: os-ddclient relaxes validation of description field
  • plugins: os-frr 1.30
  • plugins: os-nginx now uses simplified NAME_setup service handling
  • plugins: os-wireguard 1.12
  • plugins: os-zabbix-agent 1.13
  • plugins: os-zabbix-proxy 1.9
  • src: rc: improve NAME_setup integration
  • src: zlib: fix a bug when getting a gzip header extra field with inflate()
  • src: tzdata: import tzdata 2022b and 2022c
  • ports: ldns 1.8.3
  • ports: liblz4 1.9.4
  • ports: libxml 2.10.1
  • ports: nss 3.82
  • ports: phpseclib 3.0.14

Version number 22.7.3
Release status Final
Operating systems Linux, BSD
Website OPNsense
License type Prerequisites (GNU/BSD/etc.)