Hi there,
Lots of small improvements. Of note are Eve JSON payload syslog export now works for 4 kb payload blobs. The outdated Google API PHP client was replaced. LibreSSL is now at version 3.0.2. Plus another Intel SA advisory via FreeBSD.
Here are the full patch notes:
- system: generate self-signed server certificate for web GUI by default
- system: let net.local.dgram.maxdgram default to 8192 bytes
- system: spawn Dpinger process in background to avoid hangs
- system: switch backup to Google API PHP client v2
- system: add interface groups to HA sync
- interfaces: remove the "Directly send SOLICIT" option
- firewall: fix issue with label parsing when "tag" keyword was involved
- firewall: skip empty lines in rule statistics parsing
- firmware: add /etc/remote to whitelist, NTP GPS uses it
- reporting: empty NetFlow egress default passes validation
- reporting: show dialog when RRD is disabled
- dhcp: fix for domain-search option in DHCPv6 (contributed by maurice-w)
- dnsmasq: fix storing settings when no settings exist yet
- intrusion detection: lower payload-buffer-size to prevent syslog size limit
- intrusion detection: fix issue with escaped file name during rules download
- unbound: exit wrapper when process not running
- web proxy: added check on SNI field checkbox (contributed by Northguy)
- mvc: fix forceReload()
- plugins: os-acme-client 1.28[1]
- plugins: os-bind 1.10[2]
- plugins: os-nginx 1.16[3]
- plugins: os-nut 1.6[4]
- plugins: os-postfix 1.12[5]
- src: fix machine check exception on page size change[6]
- src: bump libc syslog line size to 8k
- src: import tzdata 2019c[7]
- ports: curl 7.67.0[8]
- ports: libressl 3.0.2[9]
- ports: openvpn 2.4.8[10]
- ports: perl 5.30.1[11]
- ports: phalcon 3.4.5[12]
- ports: sqlite 3.30.1[13]
- ports: squid 4.9[14]
- ports: syslog-ng 3.24.1[15]
Stay safe,
Your OPNsense team