Good morning everyone,
Security updates for Squid, Suricata and NTP are now available, although more are pending which would indicate a version 18.1.4 later this week. Also, a number of firewall section fixes have been included.
Here are the full patch notes:
- system: account for variable headers in top output
- system: move gateway status into main pages
- system: slightly reorder routing configuration calls
- system: optimize reading of SSL crypto library version string (contributed by Alexander Shursha)
- system: rework LDAP authentication container selection
- interfaces: avoid interaction of overview details with menu items
- interfaces: allow "reject leases from" option in DHCP advanced settings
- firewall: set alias cron update interval to 1 minute
- firewall: align alias cron update with its background call
- firewall: URL IP alias type missing in selections
- firewall: fix defunct alias target in outbound NAT
- firewall: ignore alias case while searching
- firewall: move rule category filter to the top of the page
- firewall: show IPv6 ports in live log and fix details for TCP
- firewall: move general settings to AliasParser and fix Alias constructor to receive them
- firewall: if the name of the alias equals its content try to resolve
- dhcp: advertisement problem on PPPoE link without public IPv6 address (contributed by Team Rebellion)
- dhcp: UEFI 64 network boot using wrong arch type
- dhcp: validate maximum interface MTU
- dhcp: add validation for DUID fields
- ipsec: auto-route disable setting (contributed by Namezero)
- network time: inline NMEA checksum calculator (contributed by Fabian Franz)
- network time: fix stratum level write
- unbound: optimize outgoing-range differently
- unbound: local zone setting (contributed by NOYB)
- ui: fix cropped dropdown regression
- mvc: translate option values (contributed by Alexander Shursha)
- mvc: fix access to undefined property translator
- mvc: fix typo in getBase()
- mvc: improve phpdoc
- rc: protect console menu again, but keep shell invoke for rc.d subsystem
- rc: fix some typos (contributed by John Eismeier)
- rc: proper includes for plugin post-install hook
- rc: recover all known shells
- plugins: os-clamav 1.5 fixes log file parsing
- plugins: os-frr 1.1 fixes service start on boot
- plugins: os-haproxy 2.5[1] with PROXY support and HAProxy 1.8 (contributed by Frank Wall)
- plugins: os-monit 1.5 (contributed by Frank Brendel)
- ports: mpd 5.8[2]
- ports: ntp 4.2.8p11[3]
- ports: squid 3.5.27[4][5]
- ports: suricata 4.0.4[6]
Stay safe,
Your OPNsense team