OPNsense 17.7.6 released

Franco Fichtner franco at opnsense.org
Fri Oct 20 10:29:40 UTC 2017

Previous message (by thread): OPNsense 17.7.5 image refresh
Next message (by thread): OPNsense 17.7.7 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear all,

What a KRACKing week it has been!  In order to move past the WPA2 attacks
we have updated hostapd and wpa_supplicant to their latest version 2.6
including the released security fixes.  If you use wireless devices you
are advised to reboot to properly reload all wireless services.

In more positive news, plugins for Web Proxy SSO support and Siproxd have
been publicly released with this version.  Additionally, multi-remote
OpenVPN client configurations are now easily possible via the GUI.  We
also thank Fabian Abplanalp and HiHo.ch for providing a mirror in Switzerland.

Here are the full patch notes:

o interfaces: mitigate KRACK attacks[1] by using patched hostapd and
  wpa_supplicant from ports
o interfaces: added ARP flush to diagnostics page (contributed by Giuseppe De Marco)
o firmware: opnsense-revert man page examples (contributed by Marco Woitschitzky)
o firmware: opnsense-update provides locks for the kernel and base sets
o firmware: opnsense-update provides remote size of kernel and base sets
o firmware: new mirror in Switzerland via HiHo.ch (contributed by Fabian Abplanalp)
o firmware: preparations for upcoming page and user-facing feature improvements
o reporting: traffic mini-graphs switch places with their plain throughput values
o reporting: return empty file when parameters are missing from insight data export
o captive portal: improved column header texts in session view
o ipsec: hide mode selection in phase 1 under IKEv2
o openvpn: multi-remote support for clients
o web proxy: allow plugin reload through pluginctl
o ui: bootgrid tweaks (contributed by Fabian Franz)
o ui: info command addition to bootgrid (contributed by David Harrigan)
o rc: pluggable /var MFS support and micromanaging of boot tasks
o configd: parameter handling rework
o plugins: os-c-icap 1.3 adds server log view (contributed by Michael Muenz)
o plugins: os-clamav 1.1 adds version info display and /var MFS
  support (contributed by Alexander Shursha)
o plugins: os-freeradius 1.1 (contributed by Michael Muenz)
o plugins: os-monit 1.4 M/Monit support and fixes (contributed by Frank Brendel)
o plugins: os-siproxd: 1.0 (contributed by Michael Muenz)
o plugins: os-web-proxy-sso 2.0 (contributed by Smart-Soft)
o plugins: os-zerotier 1.3 adds remote network info and local.conf
  setting (contributed by David Harrigan)
o ports: curl 7.56.0[2]
o ports: hostapd 2.6_1[3]
o ports: phalcon 3.2.3[4]
o ports: unbound 1.6.7[5]
o ports: wpa_supplicant 2.6_2[3]


Stay safe,
Your OPNsense team

--
[1] https://www.krackattacks.com/
[2] https://curl.haxx.se/changes.html
[3] https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
[4] https://github.com/phalcon/cphalcon/releases/tag/v3.2.3
[5] http://www.unbound.net/download.html

Previous message (by thread): OPNsense 17.7.5 image refresh
Next message (by thread): OPNsense 17.7.7 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the announce mailing list