16.1.11
@ April 18, 2016
Hi everyone,
We are skipping a bit ahead with 16.1.11 to address a CSRF vulnerability,
which outlines the path we have been on since we started[1] and we will
surely continue this security-aware trend.
In other news, this update includes native GeoIP alias support, captive
portal voucher customisations requested by many and the last batch of
Russian, effectively bringing it to 100% completed. Wow!
Here is the full change log:
o services: fix CSRF vulnerability in status_services.php[2]
o www: strengthen CSRF secret generation for legacy pages
o dhcp: bring back usage of the authoritative directive
o system: allow periodic backups of RRD and DHCP for non-MFS
o openvpn: status page would not show the correct process status
o captive portal: add option for less secure passwords, password
and username length
o firewall: add GeoIP aliases feature
o languages: completed Russian translation (contributed by Smart-Soft Ltd.)
o languages: updated French
Stay safe,
Your OPNsense team
--
[1] https://forum.opnsense.org/index.php?topic=2837.0
[2] https://cxsecurity.com/issue/WLB-2016040106