Good morning,
This update ships with the optional gateway monitoring tool dpinger and a new option for backing up the config to Nextcloud. SSL crypto libraries have been updated to address CVE-2018-0732, along with other updates to assorted third-party software.
Here are the full patch notes:
- system: provide default for user language
- system: do not allow spaces in group names
- system: dpinger gateway monitor option (contributed by Team Rebellion)
- system: prepare for upcoming DH parameter regeneration feature
- system: Nextcloud backup support (contributed by Fabian Franz)
- system: userid 0 has trouble with %s in redirects, use %d instead
- system: QR code quiet zone support[1]
- system: add selectpicker style where previously missing
- firmware: allow both origin.conf and OPNsense.conf to be used for repository setup
- firmware: exclude password database files from base update as it breaks sudo
- interfaces: clean up reload structure for single interfaces
- interfaces: remove unused interface reload script
- interfaces: simplify semantics of link_interface_to_track6()
- interfaces: assorted cleanups in the code
- firewall: add enable flag to shaper rules
- firewall: improve parsing speed of firewall log
- firewall: fix wrong alias reference in outbound rules
- firewall: generate ipfw comments for debugging (contributed by Robin Schneider)
- firewall: move color settings from schedules to theme (contributed by Fabian Franz)
- intrusion detection: correct typo in CSS
- openvpn: raise default DH parameter to 2048 bit
- console: pass output of stop scripts to user during halt/reboot
- console: clarify that installer is for installing when SSH is off also
- rc: change NetFlow backup to only stop/start when needed
- rc: backup and restore via XML files again
- rc: slightly refactor halt/reboot/shutdown
- rc: break out config stop script
- rc: simplify configctl plumbing
- ui: add country flags for upcoming changes in GeoIP handling
- ui: trigger onChange event to support custom hooks in form post
- ui: change multi-select default from tokenizer to selectpicker
- ui: add support for custom separators in select items
- plugins: test for template scripts before executing them
- plugins: os-acme-client fixes password field usage
- plugins: os-relayd 2.0 MVC rewrite (contributed by Frank Brendel)
- plugins: os-smart 1.3 translation and UI fixes (contributed by Fabian Franz)
- plugins: os-upnp daemon now uses CHECK_PORTINUSE and PF_FILTER_RULES port options
- plugins: os-zerotier 1.3.2 translation and UI fixes (contributed by Smart-Soft)
- ports: ca_root_nss 3.37.3
- ports: libressl 2.6.5[2]
- ports: openssl patch for CVE-2018-0732[3]
- ports: phalcon 3.4.0[4]
- ports: sqlite 3.24.0[5]
- ports: strongswan 5.6.3[6]
- ports: unbound 1.7.2[7]
Stay safe,
Your OPNsense team