From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.23 - Core Update 139 released
Date: Thu, 09 Jan 2020 10:30:08 +0000 [thread overview]
Message-ID: <mailman.119.1578565830.797.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2789 bytes --]
https://blog.ipfire.org/post/ipfire-2-23-core-update-139-released
ATTENTION! You are receiving this email because you are subscribed to our announcement mailing list. This list is going to be shut down soon. To keep receiving important announcements like this one, please sign up at https://people.ipfire.org/register, if you did not already do so.
It is time for the first release of the year, IPFire 2.23 - Core Update 139. It is packed with improvements, software updates, and many many bug fixes.
Improved Booting & Reconnecting
Dialup scripts have been cleaned up to avoid any unnecessary delays after the system has been handed a DHCP lease from the Internet Service Provider. This allows the system to reconnect quicker after loss of the Internet connection and booting up and connecting to the Internet is quicker, too.
Improvements to the Intrusion Prevention System
Various smaller bug fixes have been applied in this Core Update which makes our IPS a little bit better with every release. To take advantage of deeper analysis of DNS packets, the IPS is now informed about which DNS servers are being used by the system.
TLS
IPFire is configured as securely as possible. At the same time we focus on performance, too. For connections to the web user interface, we do not allow using CBC any more. This cipher mode is begin to crack and the more robust GCM is available.
Whenever an SSL/TLS connection is being established to the firewall, we used to prefer ChaCha20/Poly1305 as a cipher. Since AESNI is becoming and more and more popular even on smaller hardware, it makes sense to prefer AES. A vast majority of client systems support this as well which will allow to communicate faster with IPFire systems and save battery power.
Misc.
• The microcode for Intel processors has been updated again to mitigate vulnerabilities from the last Core Update [1]
• PC Engines APU LEDs are now controlled using the ACPI subsystem which is made possible using the latest BIOS version 4.10.0.3
• Captive Portal: Expired clients are now automatically removed
• Dynamic DNS: Support for NoIP.com has been fixed in ddns 12
• Updated packages: Python 2.7.17, bash 5.0, bind 9.11.13, cpio 2.13, libarchive 3.4.0, logwatch7.5.2, lz4 1.9.2, openvpn 2.4.8, openssh 8.1p1, readline 8.0 (and compat version 6.3), squid 4.9, unbound 1.9.5
Add-Ons
• clamav has been updated to 0.102.1 which include various security fixes
• libvirt has been updated to version 5.6.0 for various bug fixes or feature enhancements and support for LVM has been enabled.
• qemu has been updated to 4.1.0
• Various others: nano 4.6, postfix 3.4.8, spectre-meltdown-checker 0.42
[1] https://blog.ipfire.org/post/ipfire-2-23-core-update-138-released
reply other threads:[~2020-01-09 10:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.119.1578565830.797.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox