1.3.1
1.3.1
Security
- T4204: Update Accel-PPP to a newer revision
- T4310: CVE-2022-0778: infinite loop in OpenSSL certificate parsing
- T4311: CVE-2021-4034: local privilege escalation in PolKit
Configuration syntax changes (automatically migrated)
- T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
- T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
New features and improvements
- T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
- T2400: OpenVPN: dont restart server if no need
- T2764: Increase maximum number of NAT rules
- T3164: console-server ssh does not work with RADIUS PAM auth
- T3299: Allow the web proxy service to listen on all IP addresses
- T3854: Missing op-mode commands for conntrack-sync
- T3872: Add configurable telegraf monitoring service
- T4055: Add VRF support for HTTP(S) API service
- T4100: Firewall increase maximum number of rules
- T4120: [VXLAN] add ability to set multiple unicast-remotes
- T4128: keepalived: Upgrade package to add VRF support
- T4261: MACsec: add DHCP client support
Bug fixes
- T2922: The vpn ipsec logging log-modes miss the IPSec daemons state check
- T3380: "show vpn ike sa" does not display IPv6 peers
- T3686: Bridging OpenVPN tap with no local-address breaks
- T3914: VRRP rfc3768-compatibility doesn't work with unicast peers
- T3924: VRRP stops working with VRF
- T4002: firewall group network-group long names restriction incorrect behavior
- T4081: VRRP health-check script stops working when setting up a sync group
- T4087: IPsec IKE-group proposals limit of 10 pieces
- T4092: IKEv2 mobike commit failed with DMVPN nhrp
- T4093: SNMPv3 snmpd.conf generation bug
- T4101: commit-archive: Use of uninitialized value $source_address in concatenation
- T4104: RAID1: "add raid md0 member sda1" does not restore boot sector
- T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0
- T4141: Set high-availability vrrp sync-group without members error
- T4142: Input ifbX interfaces not displayed in op-mode
- T4152: NHRP shortcut-target holding-time does not work
- T4154: Error add second gre tunnel with the same source interface
- T4165: Custom conntrack rules cannot be deleted
- T4168: IPsec VPN is impossible to restart when DMVPN is configured
- T4183: IPv6 link-local address not accepted as wireguard peer
- T4184: NTP allow-clients address doesn't work it allows to use ntp server for all addresses
- T4191: Lost access to host after VRF re-creating
- T4196: DHCP server client-prefix-length parameter results in non-functional leases
- T4203: Reconfigure DHCP client interface causes brief outages
- T4226: VRRP transition-script does not work for groups name which contains -(minus) sign
- T4228: bond: OS error thrown when two bonds use the same member
- T4233: ssh: sync regex for allow/deny usernames to "system login"
- T4234: Show firewall partly broken in 1.3.x
- T4237: Conntrack-sync error - error adding listen-address command
- T4240: Cannot add wlan0 to bridge via configure
- T4241: ocserv openconnect looks broken in recent bulds of 1.3 Equuleus
- T4242: ethernet speed/duplex can never be switched back to auto/auto
- T4258: [DHCP-SERVER] error parameter on Failover
- T4259: The conntrackd daemon can be started wrongly
- T4263: vyos.util.leaf_node_changed() dos not honor valueLess nodes
- T4264: vxlan: interface is destroyed and rebuild on description change
- T4267: Error - Missing required "ip key" parameter
- T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
- T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
- T4377: generate tech-support archive includes previous archives
Other resolved issues
Tags
None
Referenced Files
None
Subscribers
None
- Last Author
- dmbaturin
- Last Edited
- Jun 11 2022, 8:40 AM