1.4.1
Security
- T6776: zabbix-agent affected by CVE-2023-32728 (RCE via S.M.A.R.T. plugin)
- CVE-2024-6387 (regreSSHion): remote code execution in OpenSSH server.
- CVE-2024-53981: DoS in python-multipart (used by the HTTP API server).
New features and improvements
- T264: Use base64 or hex format in ipsec.secrets to allow double quotes
- T3202: Enable wireguard debug messages by default
- T5878: Make the list of SSH server ciphers configurable
- T5949: Disable USB autosuspend
- T6045: show more detail when using lldp
- T6219: sysctl options support for containers
- T6313: Add "NAT" to "generate" command for rule resequence
- T6320: WiFi: Enable support for 6GHz Access Points
- T6362: Add a conntrack/translations logger daemon
- T6452: Add missing QoS Op Mode Commands
- T6477: Adding Loki plugin to Telegraf
- T6500: openconnect: add support for new multi ca-certificate CLI node
- T6505: Support VXLAN VLAN-VNI range mapping in CLI
- T6537: Include hostname in the reboot/shutdown warning message
- T6538: Allow adding a geneve interface to the vrf.
- T6539: Add logging options to load-balancer reverse-proxy
- T6555: Add server-bridge options to OpenVPN server
- T6561: show ntp is not vrf aware
- T6566: op-mode: "monitor bandwidth" add support for listing all interfaces concurrently
- T6575: op-mode: ntp: add support for NTP service restart via CLI
- T6576: op-mode: ntp: add support for NTP service restart via CLI
- T6668: op-cmd: show mac-sec details encryption info
- T6681: IPv6 SLAAC: Option to suppress Interval advertisement on RA packet
- T6693: WiFi: Enable WiFi6 (IEEE 802.11ax) for 2.4GHz Access Points
- T6727: lldp: missing input validation for interface names
- T6751: Missing Well Known Communities in Command Completion
- T6759: Add additional languages as keyboard-layout
- T6908: Avahi: add option to define mdns-repeater max-cache entries
Bug fixes
- T2145: openvpn: server default topology net30 is incompatible with static client IPs for Windows clients
- T2505: XCP-ng packet drops for small packets (e.g. icmp) under Xen and AWS
- T3204: Performance system option destroy defined sysctl custom params
- T4025: OpenVPN server with TAP interface, client didn’t see network
- T4026: PKI: generate pki certificate sign <ca-name> is not working
- T4287: wireless: cannot set regulatory domain
- T4871: show pki output indentation issues
- T5366: syslog: remove outdated reference to sysvinit rsyslog file in logrotate template
- T5367: Syslog doesn't send timezone information to the server
- T5514: Improve error handling when/if config.boot is deleted or missing
- T5546: Failed upgrade from 1.4-rolling-202212310809 to 1.4-rolling-202309030023
- T5552: 'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'
- T5570: PAM config RADIUS ignore for default and success
- T5794: Flowtable with Bond Race
- T5991: 1.4.0-RC3 deleting portions of config in error (migration script)
- T6044: OpenVPN certificate revocation does not work properly
- T6076: [1.3.3->1.4.0-epa1 Migration] Most of config missing
- T6148: Reset vpn ipsec command breaks tunnel and does not reset SAs that are down
- T6157: Can not create two GRE tunnels to the same DST but from different SRC addresses
- T6290: SNMPD show logs systemstats_linux: unexpected header length
- T6300: [1.3->1.4 Migration] An empty interface configuration drops all interfaces configuration
- T6379: "generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients
- T6425: WiFi: Beamformer support for 802.11ac (VHT at 5GHz) is broken
- T6475: WALinuxAgent crashes in Azure
- T6480: PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem
- T6484: Smoketest fails: fastnetmon killed due to OOM
- T6486: Generate openvpn client-config ignores configured protocol type
- T6503: Command 'restart ssh' not working
- T6519: interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces
- T6523: Error: "nft table ip vyos_filter not found" when committing prometheus-client
- T6536: Config migration does not work as expected when update from 1.3.2 to 1.4.0 (with NAT with wildcard and sysctl parameters)
- T6544: vyos_net_name locking logic is broken
- T6559: vyos-configd should return commit error on config dependency error
- T6578: Unhandled exception in "show openconnect-server sessions"
- T6584: Revert addition of Linux Kernel MT7921 driver
- T6592: Changing VRF on interface fails
- T6593: Release DHCP interface does not work
- T6594: IPoE-server extended-scripts do not work
- T6597: wireless: hostapd occasionally gets deactivated via systemd and causes loss in connectivity
- T6600: ospf: smoketest "router ospf' not found in" for ldp sync
- T6602: interfaces: verify supplied VRF name on all interface types
- T6603: vrf: nftables conntrack ct_iface_map contains multiple identical entries
- T6605: ConfigError() behavior is wrong with running vyos-configd
- T6610: Missing minisign pub key from image
- T6626: show dhcpv6 server leases fails
- T6638: QoS CAKE config with PPPoE interface does not load after reboot
- T6642: verify_interface_exists should not instantiate its own Config object
- T6643: IP Address range in firewall rules throws error
- T6646: 1.3.8 to 1.4.0 config migration fails due to conntrack ignore rule
- T6658: Fix typo in write_file util
- T6671: Config dependency works incorrectly for conntrack and conntrack-sync
- T6672: ssh-client source-interface CLI option failing with traceback
- T6676: Invalid route-map caused bgpd to crash
- T6682: show vpn ike sa peer always shows all SAs
- T6702: Podman 4.9.5 is missing "podman.sock" service socket
- T6715: date: manually changing time/date is not synced into hardware clock
- T6719: syslog: fix the behavior of "syslog global preserve-fqdn"
- T6757: Source address for RADIUS auth is not working in OpenConnect server
- T6858: syslog: remote syslog broken after "add format option to include timezone in message"
- T6865: DHCP server op-mode sometimes does not show leases
- T6866: babel: can not set IPv6 distribution-list in access-list6 format
- T6878: The conntrack logger daemon continues running after its configuration is deleted
- T6912: Build package script misses dependencies
- T6920: multicast: static multicast routing throws TypeError
- T6937: Schema generation broken in 1.4.1 due to missing import in op-mode script
Other resolved issues
- T5666: Provide list of config-mode scripts scheduled for proposed commit
- T6524: Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies
- T6598: Unexpected podman version 4.3.1
- T6614: Initial support for smoketesting op-mode commands
- T6653: Generate a build/manifest.json file after assembling the image(s)
- T6879: Add a build procedure for amazon-cloudwatch-agent
Last Author: dmbaturin
Last Edited: Tue, Dec 31, 1:23 AM