1.3.3

Updated 121 Days AgoPublic

Actions

Security

• T4970: pin OCaml pcre package to avoid JIT support

New features and improvements

• T5098: PPPoE client holdoff configuration
• T5033: generate-public-key command fails for address with multiple public keys like GitHub
• T4971: Radius attribute "Framed-Pool" for PPPoE
• T4949: Backport "monitor log" and "show log" op-mode definitions from current to equuleus
• T4948: pppoe: add CLI option to allow definition of host-uniq flag
• T4947: Support mounting container volumes as ro or rw
• T4922: Add ssh-client source-interface CLI option
• T4898: Add mtu config option for dummy interfaces
• T4812: IPsec ability to show all configured connections
• T4809: radvd: Allow use of AdvRASrcAddress
• T4785: snmp: Allow !, @, * and # in community name
• T4743: Enable IPv6 address for Dynamic DNS
• T4727: Add RADIUS rate limit support to PPTP server
• T4683: Add kitty-terminfo package to build
• T4575: vyos.utill add new wrapper "rc_cmd" to get the return code and output
• T4219: support incoming-interface (iif) in local PBR
• T3937: Rewrite "show system memory" in Python to make it usable as a library function
• T2769: Add VRF support for syslog
• T2603: pppoe-server: reduce min MTU
• T1993: Extended pppoe rate-limiter
• T1024: Policy Based Routing by DSCP
• T578: Support Linux Container

Bug fixes

• T5186: QoS test cannot pass for 1.3
• T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability
• T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0
• T5152: Telegraf agent hostname isn't qualified
• T5136: Possible config corruption on upgrade
• T5066: Different GRE tunnel but same tunnel keys error
• T5047: Recreate only a specific container
• T5017: Bug with validator interface-name
• T5011: Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped
• T4993: Can't delete conntrack ignore rule
• T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set
• T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536
• T4975: CLI does not work after cutting off the power or reset
• T4955: Openconnect radiusclient.conf generating with extra authserver
• T4939: VRRP command no-preempt not work as expected
• T4918: Odd show interface behavior
• T4902: snmpd: exclude container storage from monitoring
• T4896: ospfv3: Fix broken not-advertise option
• T4884: Missing a community6 in snmpd config
• T4872: Op-mode show openvpn misses a case when parsing for tunnel IP
• T4799: PowerDNS >= 4.7 does not get reloaded by vyos-hostsd
• T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be
• T4709: TCP MSS clamping broken in equuleus
• T4702: Wireguard peers configuration is not synchronized with CLI
• T4680: Telegraf prometheus-client listen-address invalid format
• T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address
• T4671: linux-firmware package is missing symlinks defined in WHENCE file
• T4668: Adding/removing members from bond doesn't work/results in incorrect interface state
• T4664: Add validation to reject whitespace in tag node value names
• T4648: PPPoE: Ignore default router from RA when PPPoE default-route is set to none
• T4642: proxy: hyphen not allowed in proxy URL
• T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time
• T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces
• T4582: Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs
• T4533: Radius clients don’t have simple permissions
• T4312: Telegraf configuration doesn't accept IPs for URL
• T4177: Strip-private doesn't work for service monitoring
• T4153: Monitor bandwidth-test initiate not working
• T4117: Does not possible to configure PoD/CoA for L2TP vpn
• T2838: Ethernet device names changing, multiple hw-id being added
• T2516: vyos-container: cannot configure ethernet interface
• T2189: Adding a large port-range will take ~ 20 minutes to commit

Other resolved issues

• T5243: Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus
• T5111: pppd-dns.service startup failed
• T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine
• T5007: Interface multicast setting is invalid
• T4999: vyos.util backport dict_search_recursive
• T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2
• T4906: ipsec connections shows only one connection as up
• T4900: Cache intermediary results of get_config_diff in Config instance
• T4875: Replace Python validator 'interface-name' to avoid Python startup cost
• T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
• T4798: Migrate the file-exists validator away from Python
• T4652: Upgrade PowerDNS recursor to 4.7 series
• T4625: Update ocserv to current revision (1.1.6)
• T4511: IPv6 DNS lookup
• T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command
• T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)
• T3608: Standardize warnings from configure scripts
• T3083: Add feature event-handler
• T2913: Failure to install fpm while building builder docker image
• T1875: Add the ability to use network address as BGP neighbor (bgp listen range)
• T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)