Page MenuHomeVyOS Platform
IndexNew Document
Phriction VyOS Developer Documentation Release Notes 1.4.3

1.4.3
Updated 149 Days AgoPublic
Actions

Security

  • CVE-2024-3596 (BlastRADIUS) mitigations for pam_radius (T7285).
  • Remove io_uring support from the kernel (T7428).

New features and improvements

  • Add support for AMD pstate driver (T6703).
  • Allow setting name server for containers (T6927).
  • dhcp: support definition of custom DNS server for specific static mappings (T6993).
  • Add support for configuring container registry mirrors (T7092).
  • Route leaking using route-map (T7157).
  • Add Filtering Option for ‘show bgp ipv4/ipv6 vpn’ by RD and Prefix (T7227).
  • VPN IPsec add the ability to exclude IPv6 traffic selectors for VTI interfaces (T7343).
  • Add an option to import routes from a non-default table into the system RIB (T7349).
  • Image update: confirm image name is available before accepting (T7359).
  • Implement auto-ignore-prefix syntax for router advertisements (T7380).
  • Add "system kernel option quiet" to suppress boot messages (T7397).
  • containers: Allow privileged option (T7412).
  • show * bgp neighbors * advertised-routes detail or show * bgp neighbors *received-routes detail missing (T7509).
  • Build package binaries script should exit if a package repository cannot be cloned for some reason (T7530).
  • Add FRR no-ipv6-auto-ra option (T7531).

Bug fixes

  • Stray compiled Python objects break the VMware virtual machine resume script (T3681).
  • PKI import OpenVPN shared key includes unexpected BEGIN and END (T5744).
  • dhcp6c@pppoe0.service cannot stop gracefully when VyOS shutdowns (T6113).
  • Update system image without enough space for the files can to break the system (T6144).
  • no-default-route not being honoured (T6253).
  • Autocomplete for "show arp interface" is missing non-ethernet interfaces (T6792).
  • System CA Not Updated with Configuration (T6809).
  • FRR config is lost upon daemon restart (T6963).
  • Issue with Configuration Migration from VyOS 1.3.8 to 1.4.1 (T6968).
  • dhcp: smoketests fail as IP address is not removed in time (T6972).
  • Allow configuring IPoE servers without a client IP pool if DHCP relay is used (T6997).
  • Boot failure after installing on RAID1 (T7049).
  • OpenVPN error : Unable to bind the tunnel interface to bridge if misconfigured first (T7056).
  • Adding community 'internet' throws an exception (T7116).
  • PKI: Unable to switch from custom cert to ACME when haproxy service is running with 'redirect-http-to-https' option (T7122).
  • "show qos shaper" doesn't work with VRFs (T7138).
  • Some sysctl options like nf_conntrack_buckets are diffrent between clean install and the first reboot (T7208).
  • NAT checking translation address is an expensive operation (T7237).
  • Wireguard: Traceback error received if the public-key starts with // (T7246).
  • certbot: When using ACME certificates, consuming daemons are not reloaded on update (T7249).
  • op-mode: not all groups are displayed correctly with show firewall groups (T7282).
  • VPN Openconnect does not check dictionary key server with authentication mode RADIUS (T7287).
  • VPN IPsec log level does not work (T7290).
  • Need commit validation for interfaces when mtu configured below 1280 (T7316).
  • wifi: mac80211_hwsim kernel module no longer supports VLAN interfaces in smoketests (T7325).
  • grub: "system option kernel" options are not honored after image upgrade (T7327).
  • FQDN resolver uses IPv4 cache for failed IPv6 resolution (T7333).
  • Haproxy mistake URL instead of the PATH in the description redirect-location (T7335).
  • isisd: Fix memory leaks when the transition of neighbor state from non-UP to DOWN (T7341).
  • netplug: PermissionError on fast interface changes (T7346).
  • Add an option to limit the number of threads for accel-ppp services (T7348).
  • Do not allow deleting interfaces referenced in flowtables (T7350).
  • netplug: behavior change 1.3.8 -> 1.4 when interface with DHCP address looses carrier (T7353).
  • netplug: DHCPv6 address is not cleared when interface is going to operational down (T7360).
  • Arguments of lb_config are not properly quoted (T7372).
  • IPv6 assigned address using SLAAC is not cleared when SLAAC is deconfigured (T7375).
  • Invalid sysctl configuration during startup causes IPv6 default route to be installed for DHCPv6 only interface (T7379).
  • Router advertisement duplicate prefix safeguard (T7389).
  • HTTPS API listens on all addresses after changing its listen-address (T7393).
  • Image upgrade fails when the "system option kernel" subtree is empty (T7394).
  • Update vyos-http-api-tools for package h11 security advisory (T7398).
  • smoketest: fix unbound variable issue when checking for VXLAN remote and group error (T7400).
  • smoketest: TypeError: VyOSUnitTestSHIM.TestCase.getFRRconfig() got an unexpected keyword argument 'substring' (T7401).
  • FRRouting Configuration Loss on Abnormal Service Restart (T7411).
  • Conntrack Rule Fails When Using Comma-Separated Ports (T7414).
  • QoS match TCP ACK not working (T7415).
  • vrf: config Migration failed 1.3.4--> 1.4.2 for static routes (T7417).
  • Add the missing kernel option CONFIG_PSAMPLE (T7437).
  • reboot/shutdown: unable to log in prior 5 minutes to planned reboot/shutdown time (T7443).
  • VPN IPsec unexpected passthrough logic bug (T7458).
  • Unable to load the config file when community attribute define with "replace" (T7460).
  • CoA is not applied to Accel-PPP services (T7463).
  • Bonding interface mode allows malformed variations of 802.3ad (T7466).
  • IPoE: Add stricter validation for giaddr if dhcp-relay is configured (T7472).
  • Modem connection code doesn't work (T7492).
  • Fix commit-confirm action 'reboot' (T7500).
  • Remove unnecessary PAT for docker image rebuild (T7501).
  • Table 254 is a default table and must not be used for VRF (T7506).
  • Fix default commit-confirm action (T7508).
  • OSPF NSSA translation error (T7510).
  • Unable to apply OpenConnect RADIUS accounting settings (T7511).
  • Container sysctl parameters with values containing spaces cause errors (T7532).
  • wwan: extend smoketests to cover WWAN driver option and hwsim (T7539).
  • pki: TypeError: argument of type 'NoneType' is not iterable when HAProxy is not in use (T7573).
  • Upgrade from 1.3.x to 1.4.2 or later fails due to an ISO image format change (T7610).
  • Deleting the TACACS server configuration raises an error (T7632).

Other resolved issues

  • Display the non-production banner depending on the build type (T7159).
  • Image build fails due to missing linux-tools package (T7253).
  • Remove support for GnuPG signatures (T7301).
  • Addition and deletion of allowed-vlans on a bridge member is slow (T7322).
  • Add vyos prefix to package names of RADIUS libs (T7336).
  • Add apply_patches option for the build packages script (T7342).
  • Build a compatible version of bash-completion from source (T7344).
  • Do not use Debian Buster repos in image build (T7345).
  • Console text remains white and bold after boot messages (T7356).
  • Use the reusable completion helper for the RADIUS dynamic authorization option in PPP/IPoE services (T7471).
  • Pin iproute2 version 6.14.0-3~bpo12+1 for sagitta (T7519).
  • Fix the typo in completion help for remote option in dhcp-server high-availability (T7559).
Last Author
dmbaturin
Last Edited
Jul 17 2025, 10:24 AM