Hi there,
This update to 18.1.8 contains several improvements, kernel security patches and third-party software updates.
Highlights include boot support on an otherwise installed ZFS. The default route handling was improved to minimise issues with unstable links. A NUT plugin is now available as well as a second optional theme.
Here are the full patch notes:
- system: improve VLAN console assignment handling
- system: move backup crypto code to the only page using it
- system: improve validation for web GUI related settings
- system: split off monitor reload for upcoming dpinger integration
- system: default route handler skips an already active default route
- system: default route handler purges hint files only when switching to a newer route
- system: default gateway switching uses the standard default route handler
- system: properly add LDAP picker to ACL
- system: properly unset password expired message after password change
- interfaces: clear up use IPv4 connectivity and fix several typos
- interfaces: parse and report tunnel data
- interfaces: move dhclient-script to proper location
- interfaces: allow SLAAC to latch on to IPv4 link
- reporting: add destination address in Insight detail search
- dhcp: fix labels of services to align with menu
- dhcp: domain-search-list usage was removed in 2012
- ipsec: rewrite resolve_retry() for its only use case
- ipsec: improve RADIUS secret escaping (contributed by Rafael Cano)
- ipsec: fix missing disable of DH group setting
- router advertisements: correctly merge DNS server arrays
- router advertisements: fix DNSSL settings
- router advertisements: fix duplicated subnet statements
- openssh: also use static interface IP addresses to listen on explicitly
- unbound: allow wildcard host entry (contributed by Eugen Mayer)
- webgui: also use static interface IP addresses to listen on explicitly
- backend: improve escaping of passed parameters
- ui: correct heigh of the login title bar
- ui: unify the label printing of interfaces
- ui: refactor script match for help messages
- rc: ZFS boot awareness
- plugins: os-cache 1.0 is an optional web server cache for the GUI/API
- plugins: os-debug 1.3 now holds its own PHP settings
- plugins: os-nut 1.0 (contributed by Michael Muenz)
- plugins: os-snmp 1.3 improves handling of interface binding
- plugins: os-theme-cicada 1.0 (contributed by Rene via Team Rebellion)
- src: mishandling of x86 debug exceptions[1]
- src: multiple small kernel memory disclosures[2]
- src: timezone database information updates[3]
- ports: ca_root_nss 3.37
- ports: krb5 1.16.1[4]
- ports: liblz4 1.8.2[5]
- ports: python 2.7.15[6]
- ports: sqlite 3.23.1[7]
- ports: sudo 1.8.23[8]
Stay safe,
Your OPNsense team