Hi everyone,
We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability, which outlines the path we have been on since we started[1] and we will surely continue this security-aware trend.
In other news, this update includes native GeoIP alias support, captive portal voucher customisations requested by many and the last batch of Russian, effectively bringing it to 100% completed. Wow!
Here is the full change log:
- services: fix CSRF vulnerability in status_services.php[2]
- www: strengthen CSRF secret generation for legacy pages
- dhcp: bring back usage of the authoritative directive
- system: allow periodic backups of RRD and DHCP for non-MFS
- openvpn: status page would not show the correct process status
- captive portal: add option for less secure passwords, password and username length
- firewall: add GeoIP aliases feature
- languages: completed Russian translation (contributed by Smart-Soft Ltd.)
- languages: updated French
Stay safe,
Your OPNsense team