Version 4 vs 9
Edits
- Edit by dmbaturin, Version 9, May 29 2023 1:49 PM: Generated by Ansible
- Edit by dmbaturin, Version 4, Sep 22 2022 10:56 AM: Ansible test, please delete me
Content Changes
**Security**
* T4311: CVE-2021-4034: local privilege escalation in PolKit
* T4310: CVE-2022-0778: infinite loop in OpenSSL certificate parsing
* T4204: Update Accel-PPP to a newer revision
**New features and improvements**
* T4261: MACsec: add DHCP client support
* T4128: keepalived: Upgrade package to add VRF support
* T4120: [VXLAN] add ability to set multiple unicast-remotes
* T4100: Firewall increase maximum number of rules
* T4055: Add VRF support for HTTP(S) API service
* T3872: Add configurable telegraf monitoring service
* T3854: Missing op-mode commands for conntrack-sync
* T3299: Allow the web proxy service to listen on all IP addresses
* T3164: console-server ssh does not work with RADIUS PAM auth
* T2764: Increase maximum number of NAT rules
* T2400: OpenVPN: don't restart server if no need
* T1972: Allow setting interface name for virtual_ipaddress in VRRP VRID
**Bug fixes**
* T4377: generate tech-support archive includes previous archives
* T4297: Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings
* T4273: ssh: Upgrade from 1.2.X to 1.3.0 breaks config
* T4267: Error - Missing required "ip key" parameter
* T4264: vxlan: interface is destroyed and rebuilt on description change
* T4263: vyos.util.leaf_node_changed() does not honor valueLess nodes
* T4259: The conntrackd daemon can be started wrongly
* T4258: [DHCP-SERVER] error parameter on Failover
* T4242: ethernet speed/duplex can never be switched back to auto/auto
* T4241: ocserv openconnect looks broken in recent builds of 1.3 Equuleus
* T4240: Cannot add wlan0 to bridge via configure
* T4237: Conntrack-sync error - error adding listen-address command
* T4234: Show firewall partly broken in 1.3.x
* T4233: ssh: sync regex for allow/deny usernames to "system login"
* T4228: bond: OS error thrown when two bonds use the same member
* T4226: VRRP transition-script does not work for groups name which contains -(minus) sign
* T4203: Reconfigure DHCP client interface causes brief outages
* T4196: DHCP server client-prefix-length parameter results in non-functional leases
* T4191: Lost access to host after VRF re-creating
* T4184: NTP allow-clients address doesn't work; it allows to use ntp server for all addresses
* T4183: IPv6 link-local address not accepted as wireguard peer
* T4168: IPsec VPN is impossible to restart when DMVPN is configured
* T4165: Custom conntrack rules cannot be deleted
* T4154: Error add second gre tunnel with the same source interface
* T4152: NHRP shortcut-target holding-time does not work
* T4142: Input ifbX interfaces not displayed in op-mode
* T4141: Set high-availability vrrp sync-group without members error
* T4110: [IPV6-SSH/DNS] enable IPv6 link local addresses as listen-address %eth0
* T4104: RAID1: "add raid md0 member sda1" does not restore boot sector
* T4101: commit-archive: Use of uninitialized value $source_address in concatenation
* T4093: SNMPv3 snmpd.conf generation bug
* T4092: IKEv2 mobike commit failed with DMVPN nhrp
* T4087: IPsec IKE-group proposals limit of 10 pieces
* T4081: VRRP health-check script stops working when setting up a sync group
* T4002: firewall group network-group long names restriction incorrect behavior
* T3924: VRRP stops working with VRF
* T3914: VRRP rfc3768-compatibility doesn't work with unicast peers
* T3686: Bridging OpenVPN tap with no local-address breaks
* T3380: "show vpn ike sa" does not display IPv6 peers
* T2922: The `vpn ipsec logging log-modes` miss the IPSec daemons state check
**Other resolved issues**
* T4476: Next steps after installation is not communicated properly to new users
* T4255: Unexpected print of dict bridge on delete
* T4227: Typo in help completion of hello-time option of bridge interface
**Security**
* T4970: pin OCaml pcre package to avoid JIT support
**New features and improvements**
* T5098: PPPoE client holdoff configuration
* T5033: generate-public-key command fails for address with multiple public keys like GitHub
* T4971: Radius attribute "Framed-Pool" for PPPoE
* T4949: Backport "monitor log" and "show log" op-mode definitions from current to equuleus
* T4948: pppoe: add CLI option to allow definition of host-uniq flag
* T4947: Support mounting container volumes as ro or rw
* T4922: Add ssh-client source-interface CLI option
* T4898: Add mtu config option for dummy interfaces
* T4812: IPsec ability to show all configured connections
* T4809: radvd: Allow use of AdvRASrcAddress
* T4785: snmp: Allow !, @, * and # in community name
* T4743: Enable IPv6 address for Dynamic DNS
* T4727: Add RADIUS rate limit support to PPTP server
* T4683: Add kitty-terminfo package to build
* T4575: vyos.util add new wrapper "rc_cmd" to get the return code and output
* T4219: support incoming-interface (iif) in local PBR
* T3937: Rewrite "show system memory" in Python to make it usable as a library function
* T2769: Add VRF support for syslog
* T2603: pppoe-server: reduce min MTU
* T1993: Extended pppoe rate-limiter
* T1024: Policy Based Routing by DSCP
* T578: Support Linux Container
**Bug fixes**
* T5186: QoS test cannot pass for 1.3
* T5176: http-api: update vyos-http-api-tools for FastAPI security vulnerability
* T5175: http-api: error in MultiPart parser for FastAPI version >= 0.91.0
* T5152: Telegraf agent hostname isn't qualified
* T5136: Possible config corruption on upgrade
* T5066: Different GRE tunnel but same tunnel keys error
* T5047: Recreate only a specific container
* T5017: Bug with validator interface-name
* T5011: Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped
* T4993: Can't delete conntrack ignore rule
* T4992: Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set
* T4978: KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536
* T4975: CLI does not work after cutting off the power or reset
* T4955: Openconnect radiusclient.conf generating with extra authserver
* T4939: VRRP command no-preempt does not work as expected
* T4918: Odd show interface behavior
* T4902: snmpd: exclude container storage from monitoring
* T4896: ospfv3: Fix broken not-advertise option
* T4884: Missing a community6 in snmpd config
* T4872: Op-mode show openvpn misses a case when parsing for tunnel IP
* T4799: PowerDNS >= 4.7 does not get reloaded by vyos-hostsd
* T4730: Conntrack-sync error - listen-address is not the correct type in config as it should be
* T4709: TCP MSS clamping broken in equuleus
* T4702: Wireguard peers configuration is not synchronized with CLI
* T4680: Telegraf prometheus-client listen-address invalid format
* T4679: OpenVPN site-to-site incorrect check for IPv6 local and remote address
* T4671: linux-firmware package is missing symlinks defined in WHENCE file
* T4668: Adding/removing members from bond doesn't work/results in incorrect interface state
* T4664: Add validation to reject whitespace in tag node value names
* T4648: PPPoE: Ignore default router from RA when PPPoE default-route is set to none
* T4642: proxy: hyphen not allowed in proxy URL
* T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time
* T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces
* T4582: Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs
* T4533: Radius clients don’t have simple permissions
* T4312: Telegraf configuration doesn't accept IPs for URL
* T4177: Strip-private doesn't work for service monitoring
* T4153: Monitor bandwidth-test initiate not working
* T4117: Not possible to configure PoD/CoA for L2TP vpn
* T2838: Ethernet device names changing, multiple hw-id being added
* T2516: vyos-container: cannot configure ethernet interface
* T2189: Adding a large port-range will take ~ 20 minutes to commit
**Other resolved issues**
* T5243: Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus
* T5111: pppd-dns.service startup failed
* T5008: MACsec CKN of 32 chars is not allowed in CLI, but works fine
* T5007: Interface multicast setting is invalid
* T4999: vyos.util backport dict_search_recursive
* T4925: Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2
* T4906: ipsec connections shows only one connection as up
* T4900: Cache intermediary results of get_config_diff in Config instance
* T4875: Replace Python validator 'interface-name' to avoid Python startup cost
* T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
* T4798: Migrate the file-exists validator away from Python
* T4652: Upgrade PowerDNS recursor to 4.7 series
* T4625: Update ocserv to current revision (1.1.6)
* T4511: IPv6 DNS lookup
* T4381: OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command
* T4122: interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)
* T3608: Standardize warnings from configure scripts
* T3083: Add feature event-handler
* T2913: Failure to install fpm while building builder docker image
* T1875: Add the ability to use network address as BGP neighbor (bgp listen range)
* T1288: FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)