Software-update: OPNsense 25.7.7
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben de zesde update voor versie 25.7 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 25.7.7 releasedThis update ships a number of third party security updates, firewall live log improvements based on user feedback from 25.7.6, plus minor fixes and improvements like usual. One focus at the moment is to get rid of the unsafe shell use in the backend which has been the source of multiple security issues in the project history. A few other things are coming to 25.7.x soon: a neighbor watch daemon, a new NDP proxy plugin and a community theme. Stay tuned. :)
Here are the full patch notes:system: simplify RRD backup code and remove exec() usagesystem: move valid_from search criteria to log_matcher for faster end of searchsystem: use file_safe() in gateway monitor watchersystem: refactor factory reset page to MVC and add a reset per component operating on modelsinterfaces: ifctl: always allow reads to internal state filesfirewall: automation: fix alias IP address searchfirewall: automation: allow interface parameter to contain a list of interfaces for API usersfirewall: aliases: replace invalid unicode chars (contributed by Marius Halden)firewall: live log: only execute redraw on visibility state transitionfirewall: live log: optimize viewbuffer renderingfirewall: live log: prevent re-resolving in-flight requests and move host lookup to current filtered viewfirewall: live log: fix data ordering and add table/history limit optionsfirewall: live log: use "badge" class like beforefirewall: states: fix delete_selected firewall states (contributed by Alexander Sulfrian)dnsmasq: add optgroup support to DHCP option fields and expose all DHCPv4 optionsipsec: sessions: add datakey property for row mappingipsec: status: search phase 2 triggered twice on click and cleanup tooltip event as wellopenvpn: use file_safe() to write CRL filesmvc: OptionField: properly translate optgroupmvc: JsonKeyValueStoreField: fix race condition when using SourceField in the modelmvc: persist models description in root attribute of its respective configurationrc: secure an exec() in the recovery scriptui: improve grid responsiveness via minWidth()ui: remove this.dataIdentifier as datakey defines the key to be used when asking 'row-id' or getSelectedRowsui: SimpleActionButton: add support for icons in action buttonsui: recompile default themes using dart sass (1.93.2) which changes color renderingui: keyboard shortcuts for "a"dvanced and "h"elp in MVC pages (contributed by Konstantinos Spartalis)ui: bail out on dynamic grid resize if data is loadingplugins: os-frr 1.48plugins: os-tayga 1.3ports: kea 3.0.2ports: libxml 2.14.6ports: php 8.3.27ports: sqlite 3.50.4ports: strongswan 6.0.3ports: suricata 8.0.2ports: unbound 1.24.1
system: simplify RRD backup code and remove exec() usagesystem: move valid_from search criteria to log_matcher for faster end of searchsystem: use file_safe() in gateway monitor watchersystem: refactor factory reset page to MVC and add a reset per component operating on modelsinterfaces: ifctl: always allow reads to internal state filesfirewall: automation: fix alias IP address searchfirewall: automation: allow interface parameter to contain a list of interfaces for API usersfirewall: aliases: replace invalid unicode chars (contributed by Marius Halden)firewall: live log: only execute redraw on visibility state transitionfirewall: live log: optimize viewbuffer renderingfirewall: live log: prevent re-resolving in-flight requests and move host lookup to current filtered viewfirewall: live log: fix data ordering and add table/history limit optionsfirewall: live log: use "badge" class like beforefirewall: states: fix delete_selected firewall states (contributed by Alexander Sulfrian)dnsmasq: add optgroup support to DHCP option fields and expose all DHCPv4 optionsipsec: sessions: add datakey property for row mappingipsec: status: search phase 2 triggered twice on click and cleanup tooltip event as wellopenvpn: use file_safe() to write CRL filesmvc: OptionField: properly translate optgroupmvc: JsonKeyValueStoreField: fix race condition when using SourceField in the modelmvc: persist models description in root attribute of its respective configurationrc: secure an exec() in the recovery scriptui: improve grid responsiveness via minWidth()ui: remove this.dataIdentifier as datakey defines the key to be used when asking 'row-id' or getSelectedRowsui: SimpleActionButton: add support for icons in action buttonsui: recompile default themes using dart sass (1.93.2) which changes color renderingui: keyboard shortcuts for "a"dvanced and "h"elp in MVC pages (contributed by Konstantinos Spartalis)ui: bail out on dynamic grid resize if data is loadingplugins: os-frr 1.48plugins: os-tayga 1.3ports: kea 3.0.2ports: libxml 2.14.6ports: php 8.3.27ports: sqlite 3.50.4ports: strongswan 6.0.3ports: suricata 8.0.2ports: unbound 1.24.1
Source:
Tweakers.net