1.4.1
Updated 15 Days Ago | Public

Security

  • T6776: zabbix-agent affected by CVE-2023-32728 (RCE via S.M.A.R.T. plugin)
  • CVE-2024-6387 (regreSSHion): remote code execution in OpenSSH server.
  • CVE-2024-53981: DoS in python-multipart (used by the HTTP API server).

New features and improvements

  • T264: Use base64 or hex format in ipsec.secrets to allow double quotes
  • T3202: Enable wireguard debug messages by default
  • T5878: Make the list of SSH server ciphers configurable
  • T5949: Disable USB autosuspend
  • T6045: show more detail when using lldp
  • T6219: sysctl options support for containers
  • T6313: Add "NAT" to "generate" command for rule resequence
  • T6320: WiFi: Enable support for 6GHz Access Points
  • T6362: Add a conntrack/translations logger daemon
  • T6452: Add missing QoS Op Mode Commands
  • T6477: Adding Loki plugin to Telegraf
  • T6500: openconnect: add support for new multi ca-certificate CLI node
  • T6505: Support VXLAN VLAN-VNI range mapping in CLI
  • T6537: Include hostname in the reboot/shutdown warning message
  • T6538: Allow adding a geneve interface to the vrf.
  • T6539: Add logging options to load-balancer reverse-proxy
  • T6555: Add server-bridge options to OpenVPN server
  • T6561: show ntp is not vrf aware
  • T6566: op-mode: "monitor bandwidth" add support for listing all interfaces concurrently
  • T6575: op-mode: ntp: add support for NTP service restart via CLI
  • T6576: op-mode: ntp: add support for NTP service restart via CLI
  • T6668: op-cmd: show mac-sec details encryption info
  • T6681: IPv6 SLAAC: Option to suppress Interval advertisement on RA packet
  • T6693: WiFi: Enable WiFi6 (IEEE 802.11ax) for 2.4GHz Access Points
  • T6727: lldp: missing input validation for interface names
  • T6751: Missing Well Known Communities in Command Completion
  • T6759: Add additional languages as keyboard-layout
  • T6908: Avahi: add option to define mdns-repeater max-cache entries

Bug fixes

  • T2145: openvpn: server default topology net30 is incompatible with static client IPs for Windows clients
  • T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS
  • T3204: Performance system option destroy defined sysctl custom params
  • T4025: OpenVPN server with TAP interface, client didn’t see network
  • T4026: PKI: generate pki certificate sign <ca-name> is not working
  • T4287: wireless: cannot set regulatory domain
  • T4871: show pki output indentation issues
  • T5366: syslog: remove outdated reference to sysvinit rsyslog file in logrotate template
  • T5367: Syslog doesn't send timezone information to the server
  • T5514: Improve error handling when/if config.boot is deleted or missing
  • T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023
  • T5552: 'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'
  • T5570: PAM config RADIUS ignore for default and success
  • T5794: Flowtable with Bond Race
  • T5991: 1.4.0-RC3 deleting portions of config in error (migration script)
  • T6044: OpenVPN certificate revocation does not work properly
  • T6076: [1.3.3->1.4.0-epa1 Migration] Most of config missing
  • T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down
  • T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses
  • T6290: SNMPD show logs systemstats_linux: unexpected header length
  • T6300: [1.3->1.4 Migration] An empty interface configuration drops all interfaces configuration
  • T6379: "generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients
  • T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken
  • T6475: WALinuxAgent crashes in Azure
  • T6480: PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem
  • T6484: Smoketest fails: fastnetmon killed due to OOM
  • T6486: Generate openvpn client-config ignores configured protocol type
  • T6503: Command 'restart ssh' not working
  • T6519: interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces
  • T6523: Error: "nft table ip vyos_filter not found" when committing prometheus-client
  • T6536: Config migration does not work as expected when update from 1.3.2 to 1.4.0 (with NAT with wildcard and sysctl parameters)
  • T6544: vyos_net_name locking logic is broken
  • T6559: vyos-configd should return commit error on config dependency error
  • T6578: Unhandled exception in "show openconnect-server sessions"
  • T6584: Revert addition of Linux Kernel MT7921 driver
  • T6592: Changing VRF on interface fails
  • T6593: Release DHCP interface does not work
  • T6594: IPoE-server extended-scripts do not work
  • T6597: wireless: hostapd occasionally gets deactivated via systemd and causes loss in connectivity
  • T6600: ospf: smoketest "router ospf' not found in" for ldp sync
  • T6602: interfaces: verify supplied VRF name on all interface types
  • T6603: vrf: nftables conntrack ct_iface_map contains multiple identical entries
  • T6605: ConfigError() behavior is wrong with running vyos-configd
  • T6610: Missing minisign pub key from image
  • T6626: show dhcpv6 server leases fails
  • T6638: QoS CAKE config with PPPoE interface does not load after reboot
  • T6642: verify_interface_exists should not instantiate its own Config object
  • T6643: IP Address range in firewall rules throws error
  • T6646: 1.3.8 to 1.4.0 config migration fails due to conntrack ignore rule
  • T6658: Fix typo in write_file util
  • T6671: Config dependency works incorrectly for conntrack and conntrack-sync
  • T6672: ssh-client source-interface CLI option failing with traceback
  • T6676: Invalid route-map caused bgpd to crash
  • T6682: show vpn ike sa peer always shows all SAs
  • T6702: Podman 4.9.5 is missing "podman.sock" service socket
  • T6715: date: manually changing time/date is not synced into hardware clock
  • T6719: syslog: fix the behavior of "syslog global preserve-fqdn"
  • T6757: Source address for RADIUS auth is not working in OpenConnect server
  • T6858: syslog: remote syslog broken after "add format option to include timezone in message"
  • T6865: DHCP server op-mode sometimes does not show leases
  • T6866: babel: can not set IPv6 distribution-list in access-list6 format
  • T6878: The conntrack logger daemon continues running after its configuration is deleted
  • T6912: Build package script misses dependencies
  • T6920: multicast: static multicast routing throws TypeError
  • T6937: Schema generation broken in 1.4.1 due to missing import in op-mode script

Other resolved issues

  • T5666: Provide list of config-mode scripts scheduled for proposed commit
  • T6524: Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies
  • T6598: Unexpected podman version 4.3.1
  • T6614: Initial support for smoketesting op-mode commands
  • T6653: Generate a build/manifest.json file after assembling the image(s)
  • T6879: Add a build procedure for amazon-cloudwatch-agent

Last Author: dmbaturin
Last Edited: Tue, Dec 31, 1:23 AM