Hello,
This is a security and reliability release: WAN DHCP will no longer trust the MTU given by the server. Uncoordinated cross-site scripting issues have been fixed, and the Python request library was patched due to CVE-2018-18074.
Here are the full patch notes:
- system: address XSS-prone escaping issues[1]
- firewall: add port range validation to shaper inputs
- firewall: drop description validation constraints
- interfaces: DHCP override MTU option (contributed by Team Rebellion)
- interfaces: properly configure SIM PIN on custom modems
- reporting: prevent cleanup from deleting current data when future data exists
- ipsec: allow same local subnet if used in different phase 1 (contributed by Max Weller)
- openvpn: multiple client export fixes
- web proxy: add ESD files to Windows cache option (contributed by R-Adrian)
- plugins: os-acme-client 1.20[2]
- plugins: os-dyndns fix for themed colours (contributed by Team Rebellion)
- plugins: os-etpro-telemetry 1.1 adds random delay to telemetry data send
- plugins: os-nginx 1.7[3]
- plugins: os-rspamd reads DKIM keys via Redis (contributed by Garrod Alwood)
- plugins: os-theme-cicada 1.14 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.13 (contributed by Team Rebellion)
- ports: ca_root_nss 3.42.1
- ports: lighttpd 1.4.53[4]
- ports: py-request 2.21.0[5]
Stay safe,
Your OPNsense team