**Security**
* T4970: pin OCaml pcre package to avoid JIT support
**New features and improvements**
* T5098: PPPoE client holdoff configuration
* T5033: generate-public-key command fails for address with multiple public keys like GitHub
* T4971: Radius attribute "Framed-Pool" for PPPoE
* T4949: Backport "monitor log" and "show log" op-mode definitions from current to equuleus
* T4948: pppoe: add CLI option to allow definition of host-uniq flag
* T4947: Support mounting container volumes as ro or rw
* T4922: Add ssh-client source-interface CLI option
* T4898: Add mtu config option for dummy interfaces
* T4812: IPsec ability to show all configured connections
* T4809: radvd: Allow use of AdvRASrcAddress
* T4785: snmp: Allow !, @, * and # in community name
* T4743: Enable IPv6 address for Dynamic DNS
* T4727: Add RADIUS rate limit support to PPTP server
* T4683: Add kitty-terminfo package to build
* T4575: vyos.utill add new wrapper "rc_cmd" to get the return code and output
* T4219: support incoming-interface (iif) in local PBR
* T3937: Rewrite "show system memory" in Python to make it usable as a library function
* T2769: Add VRF support for syslog
* T2603: pppoe-server: reduce min MTU
* T1993: Extended pppoe rate-limiter
* T1024: Policy Based Routing by DSCP
* T578: Support Linux Container
**Bug fixes**
* T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability
* T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0
* T5152: Telegraf agent hostname isn't qualified
* T5136: Possible config corruption on upgrade
* T5066: Different GRE tunnel but same tunnel keys error
* T5047: Recreate only a specific container
* T5017: Bug with validator interface-name
* T5011: Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped
* T4993: Can't delete conntrack ignore rule
* T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set
* T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536
* T4975: CLI does not work after cutting off the power or reset
* T4955: Openconnect radiusclient.conf generating with extra authserver
* T4939: VRRP command no-preempt not work as expected
* T4918: Odd show interface behavior
* T4902: snmpd: exclude container storage from monitoring
* T4896: ospfv3: Fix broken not-advertise option
* T4884: Missing a community6 in snmpd config
* T4872: Op-mode show openvpn misses a case when parsing for tunnel IP
* T4799: PowerDNS >= 4.7 does not get reloaded by vyos-hostsd
* T4737: FRRouting/zebra 7.5.1 does not redistribute routes to other protocols
* T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be
* T4709: TCP MSS clamping broken in equuleus
* T4702: Wireguard peers configuration is not synchronized with CLI
* T4680: Telegraf prometheus-client listen-address invalid format
* T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address
* T4671: linux-firmware package is missing symlinks defined in WHENCE file
* T4668: Adding/removing members from bond doesn't work/results in incorrect interface state
* T4664: Add validation to reject whitespace in tag node value names
* T4648: PPPoE: Ignore default router from RA when PPPoE default-route is set to none
* T4642: proxy: hyphen not allowed in proxy URL
* T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time
* T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces
* T4582: Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs
* T4533: Radius clients don’t have simple permissions
* T4312: Telegraf configuration doesn't accept IPs for URL
* T4177: Strip-private doesn't work for service monitoring
* T4153: Monitor bandwidth-test initiate not working
* T4117: Does not possible to configure PoD/CoA for L2TP vpn
* T2838: Ethernet device names changing, multiple hw-id being added
* T2516: vyos-container: cannot configure ethernet interface
* T2189: Adding a large port-range will take ~ 20 minutes to commit
**Other resolved issues**
* T5111: pppd-dns.service startup failed
* T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine
* T5007: Interface multicast setting is invalid
* T4999: vyos.util backport dict_search_recursive
* T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2
* T4906: ipsec connections shows only one connection as up
* T4900: Cache intermediary results of get_config_diff in Config instance
* T4875: Replace Python validator 'interface-name' to avoid Python startup cost
* T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
* T4798: Migrate the file-exists validator away from Python
* T4652: Upgrade PowerDNS recursor to 4.7 series
* T4625: Update ocserv to current revision (1.1.6)
* T4511: IPv6 DNS lookup
* T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command
* T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)
* T3608: Standardize warnings from configure scripts
* T3083: Add feature event-handler
* T2913: Failure to install fpm while building builder docker image
* T1875: Add the ability to use network address as BGP neighbor (bgp listen range)
* T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)