From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.19 - Core Update 117 released
Date: Thu, 04 Jan 2018 18:31:38 +0000 [thread overview]
Message-ID: <mailman.191.1515090756.839.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2152 bytes --]
https://www.ipfire.org/news/ipfire-2-19-core-update-117-released
Happy New Year,
the first Core Update is ready to be released today and it comes withh a huge
number of various bug and security fixes.
Thanks for the people who contributed to this Core Update by submitting their
patches and please help us to support everyones work by sending us your donation
[1]!
OpenSSL 1.0.2n
One moderate and one low security vulnerability have been patched in OpenSSL
1.0.2n. The official security advisory can be found here.
IPsec
* It is now possible to define the inactivity timeout time when an idle IPsec
VPN tunnel is being closed
* Support for MODP groups with subgroups has been dropped
* Compression is now disabled by default because it is not very effective at
all strongswan has been updated to 5.6.1
OpenVPN
* It is now easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by
choosing routes in each client’s configuration. This makes hub-and-spoke
designs easier to configure.
Build toolchain
* Some build scripts have been refactored to clean up the build process and the
toolchain has been moved from /tools to /tools_<arch>.
* nasm, the Net Assembler, has been updated to 2.13.2
Misc
* SSL compression and SSL session tickets have been disabled in Apache. This
will improve the security of the web user interface.
* At various places, GeoIP information is available where IP addresses are shown
and that information is useful to know
* Adding static routes over the web user interface has been fixed
* Some aesthetic issues on the captive portal configuration pages have been
fixed and the captive portal is now working together with the proxy in
transparent mode
* Syslogging to a remove server can now be configured to either use TCP or UDP
Add-ons
* Samba has been updated to fix several security issues
* mc has been updated to 4.8.20
* nano has been updated to 2.9.1
* sslscan, vsftpd and Pound have been dropped because they are not maintained
upstream any more and incompatible with OpenSSL 1.1.0
[1] https://www.ipfire.org/donate
reply other threads:[~2018-01-04 18:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.191.1515090756.839.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox