Page MenuHomeVyOS Platform
IndexNew Document
Phriction VyOS Developer Documentation Release Notes 1.4.4

1.4.4
Updated TodayPublic
Actions

Breaking changes

  • VyOS no longer allows multicast addresses to be assigned to interfaces (T8054).

Deprecations

  • Add a deprecation warning for ssh-dss keys (T7839).

New features and improvements

  • Support BGP Prefix Origin Validation State Extended Community (RFC 8097) (T1124).
  • Add TLS functionality for rsyslog (T4251).
  • Add AWS gateway load-balancing tunnel handler (gwlbtun) (T5261).
  • Add op-mode command for all interfaces on host (T7268).
  • Add warning message for unsaved changes in the dialog before initiating an upgrade (T7319).
  • Add the option "timeout" for DPD in IKEv2 (T7504).
  • Add user-defined MAC address to dummy interfaces (T7686).
  • Add operational mode 'show interfaces kernel statistics' command (T7742).
  • Add system login to config-sync (T7905).
  • HAProxy add health check probes to a port other than the one to which normal traffic is sent (T7906).
  • login: issue warning if TACACS or RADIUS source-address is not configured on the system (T8024).
  • Expose "send_cert always" swanctl configuration for ipsec vpn road warrior configuration (T8027).
  • Update Linux kernel to 6.6.117 (T8035).
  • Smoketests: reorganize folderstructure for embedded configttests (T8087).
  • firewall: "geoip country-code" should get a completion helper (T8089).
  • isis: configuration migrator 0 -> 1 broken (T8094).

Bug fixes

  • Static routes with dhcp-interface are flaky (T3680).
  • Ability to set host part IPv6 address via interface IP token (T4627).
  • BGP large-community-list regex validation is incomplete (T5069).
  • MSS Clamping Not Applied to VRF Interface from MPLS Cloud (T5797).
  • Add/Improve support for CLI config scripts that change the underlying actual configuration and make them work with vyos-configd (T6489).
  • login: user vyos cannot be deleted under vyos-configd (T6504).
  • inject missing env vars in configd to support configfs util (T6633).
  • [vyos-1x] unlimited _noteworthy in vyos.airbag cause memory leak (T6704).
  • Operational mode command "show bridge vni" is broken (T6770).
  • Unable to remove DHCP client from interface when dynamic IPv6 address is configured (T7016).
  • FRR 9.1.x 10.2.x does not redistribute OSPF kernel table x routes (T7297).
  • Container network loses VRF on container restart (T7305).
  • container: cannot remove image when used by more then one tag (T7403).
  • command tech-support archive upload - Not working under certain conditions (T7440).
  • ARM64 config fails to commit due to ttyS0 console (T7484).
  • DHCPv6 does not work on PPPoE interfaces (T7485).
  • Fix the output command "show vpn ipsec connection" for passthrough tunnels (T7489).
  • FRR does not redistribute BGP table x routes (T7495).
  • The aws-gwlbtun service cannot start (T7524).
  • Trying to create a VRF named "vni" leads to an unhandled exception (T7544).
  • Command 'show vpn debug peer <peer_name>' does not work correctly (T7545).
  • Command 'set vpn ipsec disable-uniqreqids' does nothing (T7562).
  • Inconsistent MAC address behaviour on bond interfaces (T7571).
  • IPsec service fails after upgrading from 1.3.8 to 1.4.2 if protocol all is configured (T7581).
  • Fix uuidgen warning if DMI doesn't have product_serial or it empty (T7587).
  • IPSec traffic-selectors without prefixes are rendered incorrectly in the swanctl.conf (T7593).
  • certbot: when using acme certificate, error received "name 'add_cli_node' is not defined" (T7642).
  • IPv6 default route disappears after upgrade (T7646).
  • Op-mode command show system memory cache does not work (T7657).
  • QAT support is not detected on Intel C62x virtual function devices (T7662).
  • Smoke test cli/test_vpn_ipsec.py typo makes DPD check always pass (T7667).
  • Move AWS GLB CLI configuration to a separate package (T7671).
  • Incorrect sla-len in DHCPv6 client prefix delegation (T7682).
  • "show nat source/destination rules" proto column is inaccurate (T7696).
  • Commit fails to apply configuration: /run/nftables-ct.conf on conntrack timeout rule removal (T7700).
  • BGP config fails when route-reflector-client is configured and peer-group is not used (T7708).
  • "show interfaces l2tpv3" does not show any interface information (T7721).
  • Backup next-hop is not installed in IS-IS LFA as expected (T7722).
  • Improper OpenVPN certificates migration from 1.3 to 1.4 (T7738).
  • ssh: re-generating server key causes PermissionError (T7751).
  • Syslog: format option to include timezone in message is not working in 1.4.3 (T7788).
  • Invalid order of interface/sub interface removal greatly decreases commit performance (T7813).
  • 'add system image' error if we choose not to copy an active config (T7818).
  • vyos-1x is missing an explicit package dependency on net-tools (T7847).
  • op-cmd: "reset ip arp table" is not working (T7868).
  • dhcp6c fails to restart after interface down & up when using only PD (T7882).
  • pki: configuration issues on reboot when ACME is used together with listen-address (T7885).
  • Incorrect column name in "show dhcp client leases" (T7895).
  • certbot: renewal ineffective due to wrong config location (T7908).
  • Removing PPPoE interface in smoketests and throw a PermissionError (T7919).
  • vrf: dhcp does not work when VRF name contains a hyphen (T7941).
  • Unable to delete container image in 1.4 nightly build "Error: podman ps takes no arguments" (T7957).
  • dhcpv6: migrator fix for non VIF interfaces for default routes (T7967).
  • VyOS does not accept IPv6 interface addresses with an all-zero host part (T7973).
  • veth: removing virtual-ethernet pairs will purge the peer interface form the kernel (T7990).
  • Remove references to OPAM in skel/.bashrc (T7992).
  • bond: missing validation of member interface MTU (T8023).
  • Use a smarter file comparison in boolean test unsaved_commits() (T8031).
  • snmp: trap target broken with SNMPv3 (T8039).
  • VyOS allows multicast addresses to be assigned to interfaces (T8054).
  • renew dhcpv6 refuses when not using an dhcpv6 address (T8078).
  • Unhandled exception when setting up bonding interface on AWS (T8084).
  • login: recursive calls to NSS can cause commits to massively slow down (T8088).
  • pki: KeyError: 'reverse-proxy' when updating ACME chain (T8102).

Other resolved issues

  • Improve the smoke test platform (T6510).
  • Addition and deletion of allowed-vlans on a bridge member is slow (T7322).
  • Cleanup unused Python3 imports (T7355).
  • Pass credentials to download commands in environment variables (T7420).
  • Set up a linter check to check complete files for syntax errors and missing imports (T7648).
  • Broken pipe error in "show firewall summary" (T7677).
  • Make "unused-import" check mandatory (T7787).
  • ifconfig: Suppress unnecessary syslog noise from missing nftables rules (T7814).
  • Consistent naming of "memory" in op-mode (T7942).
  • certbot: streamline implementation to avoid bugs due to duplicated code (T7953).
  • xml: cleanup double CLI properties in NAT (T8038).
  • Mark Salt minion deprecated (T8056).
  • BP not work "Login: issue warning if TACACS or RADIUS source-address is not configured on the system" (T8063).
  • wlb: remaining CLI version definition (T8095).
Last Author
dmbaturin
Last Edited
Wed, Dec 17, 4:24 PM