mirror of
https://github.com/vyos/vyos-documentation.git
synced 2025-10-26 08:41:46 +01:00
434 lines
26 KiB
ReStructuredText
434 lines
26 KiB
ReStructuredText
|
||
###########
|
||
1.4 Sagitta
|
||
###########
|
||
|
||
..
|
||
Please don't add anything by hand.
|
||
This file is managed by the script:
|
||
_ext/releasenotes.py
|
||
|
||
|
||
1.4.1 (future release)
|
||
======================
|
||
|
||
|
||
|
||
**Configuration syntax changes (automatically migrated)**
|
||
|
||
|
||
* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI``
|
||
|
||
**New features and improvements**
|
||
|
||
|
||
* :vytask:`T5878` ``Make the list of SSH server ciphers configurable``
|
||
* :vytask:`T5949` ``Disable USB autosuspend``
|
||
* :vytask:`T6320` ``WiFi: Enable support for 6GHz AccesPoints``
|
||
* :vytask:`T6423` ``Require command definition nodes that have an owner to also have a priority``
|
||
* :vytask:`T6424` ``ipsec: op-mode command to generate client profiles should honor common name of the CA node that signed the server certificate``
|
||
* :vytask:`T6454` ``Explicitly set the default reverse proxy mode to HTTP``
|
||
* :vytask:`T6462` ``wireless: add op-mode command for hostapd and wpa_supplicant logs``
|
||
* :vytask:`T6473` ``bgp: missing completion helper for peer-groups inside a VRF``
|
||
* :vytask:`T6477` ``Adding Loki plugin to Telegraf``
|
||
* :vytask:`T6505` ``Support VXLAN VLAN-VNI range mapping in CLI``
|
||
* :vytask:`T6538` ``Allow adding a geneve interface to the vrf.``
|
||
* :vytask:`T6539` ``Add logging options to load-balancer reverse-proxy``
|
||
* :vytask:`T6566` ``op-mode: "monitor bandwidth" add support for listing all interfaces concurrently``
|
||
* :vytask:`T6576` ``op-mode: ntp: add support for NTP service restart via CLI``
|
||
* :vytask:`T6614` ``Initial support for smoketesting op-mode commands``
|
||
|
||
**Bug fixes**
|
||
|
||
|
||
* :vytask:`T2145` ``openvpn: server default topology net30 is incompatible with static client IPs for Windows clients``
|
||
* :vytask:`T4287` ``wireless: cannot set regulatory domain``
|
||
* :vytask:`T5514` ``Improve error handling when/if config.boot is deleted or missing``
|
||
* :vytask:`T5552` ``'set system option performance throughput' enables IPv6 forwarding even if it's explicitly disabled with 'set system ipv6 disable-forwarding'``
|
||
* :vytask:`T5725` ``protocol IS-IS configuration is empty if a tunnel does not have remote address``
|
||
* :vytask:`T5947` ``[1.3.2 -> 1.4.0-RC1 Migration] Static ipv6 routes dropped``
|
||
* :vytask:`T6148` ``Reset vpn ipsec command breaks tunnel and does not reset SAs that are down``
|
||
* :vytask:`T6332` ``IPv6-only ISIS (or, in general, dual topology) is not working with other devices running frr``
|
||
* :vytask:`T6401` ``Attempts to delete vlan-to-vni option causes an unhandled exception``
|
||
* :vytask:`T6429` ``bug - isis metric-style not applied configuration``
|
||
* :vytask:`T6431` ``monitor traceroute broken VRF support``
|
||
* :vytask:`T6453` ``GRUB variables with `=` in a value are parsed improperly``
|
||
* :vytask:`T6460` ``Showing DHCPv6 leases can fail due to DUID parsing issues``
|
||
* :vytask:`T6463` ``reverse-proxy: service not reloaded when updating SSL certificate via PKI``
|
||
* :vytask:`T6464` ``sstpc: interface not restarted when updating SSL certificate via PKI``
|
||
* :vytask:`T6480` ``PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/..../cert.pem``
|
||
* :vytask:`T6484` ``Smoketest fails: fastnetmon killed due to OOM``
|
||
* :vytask:`T6503` ``Command 'restart ssh' not working``
|
||
* :vytask:`T6519` ``interfaces: 20-to-21 -> migration fails if new system has less ethernet interfaces``
|
||
* :vytask:`T6523` ``Error: "nft table ip vyos_filter not found" when commiting prometheus-client``
|
||
* :vytask:`T6559` ``vyos-configd should return commit error on config dependency error``
|
||
* :vytask:`T6584` ``Revert addition of Linux Kernel MT7921 driver``
|
||
* :vytask:`T6593` ``Release DHCP interface does not work``
|
||
* :vytask:`T6600` ``ospf: smoketest "router ospf' not found in" for ldp sync``
|
||
* :vytask:`T6602` ``interfaces: verify supplied VRF name on all interface types``
|
||
* :vytask:`T6603` ``vrf: nftables conntrack ct_iface_map contains multiple identical entries``
|
||
* :vytask:`T6605` ```ConfigError()` behavior is wrong with running `vyos-configd```
|
||
* :vytask:`T6610` ``Missing minisign pub key from image``
|
||
|
||
**Other resolved issues**
|
||
|
||
|
||
* :vytask:`T4026` ``PKI: generate pki certificate sign <ca-name> is not working``
|
||
* :vytask:`T5570` ``PAM config RADIUS ignore for default and success``
|
||
* :vytask:`T6290` ``SNMPD show logs systemstats_linux: unexpected header length``
|
||
* :vytask:`T6379` ``"generate openvpn" uses "comp-lzo no", which leads to problems on Android-Clients``
|
||
* :vytask:`T6446` ``Display the support URL from image build data in LTS builds``
|
||
* :vytask:`T6486` ``Generate openvpn client-config ignores configured protocol type``
|
||
* :vytask:`T6500` ``openconnect: add support for new multi ca-certificate CLI node``
|
||
* :vytask:`T6524` ``Rewrite "release dhcp interface <interface>" to Python to drop remaining Perl dependencies``
|
||
* :vytask:`T6592` ``Changing VRF on interface fails``
|
||
* :vytask:`T6594` ``IPoE-server extended-scripts do not work``
|
||
* :vytask:`T6597` ``wireless: hostapd occationly gets deactivated via systemd and causes loss in connectivity``
|
||
* :vytask:`T6598` ``Unexpected podman version 4.3.1``
|
||
|
||
1.4.0 (4th June 2024)
|
||
=====================
|
||
|
||
|
||
|
||
|
||
**New features and improvements**
|
||
|
||
|
||
* :vytask:`T3202` ``Enable wireguard debug messages by default``
|
||
* :vytask:`T4022` ``Add package nat-rtsp-dkms``
|
||
* :vytask:`T4393` ``sstp: add support for configuring host-name (SNI)``
|
||
* :vytask:`T5386` ``Execute VRRP transition script when `set high-availability disable` is commited``
|
||
* :vytask:`T5752` ``Check compatibility of new image tools with XCP-NG images``
|
||
* :vytask:`T6293` ``add Mediatek MT7921 to defconfig``
|
||
* :vytask:`T6339` ``Display the flavor name and build comment in "show version"``
|
||
* :vytask:`T6395` ``Enable VFIO No-IOMMU support in kernel config``
|
||
|
||
**Bug fixes**
|
||
|
||
|
||
* :vytask:`T4576` ``vpn l2tp logging level configuration``
|
||
* :vytask:`T5527` ``Adjust for change in coreutils behavior on overlayfs``
|
||
* :vytask:`T5939` ``[1.3.5 -> 1.4.0-RC1 Migration] as-path-list Entries Get Messed Up``
|
||
* :vytask:`T5940` ``[1.3.5 -> 1.4.0-RC1 Migration] commit-archive Fails to Migrate``
|
||
* :vytask:`T6038` ``Losing default route after first reboot (cloud-init & DHCP)``
|
||
* :vytask:`T6094` ``Destination Nat not Making Firewall Rules``
|
||
* :vytask:`T6225` ``Unhandled exception when configuring random-detect QoS policy``
|
||
* :vytask:`T6348` ``SNAT op-mode fails with flowtable offload entries``
|
||
* :vytask:`T6356` ``Correct the syntax of config.boot.default [..., 'ntp', 'server'] from leaf node with value to tag node``
|
||
* :vytask:`T6365` ``Negating interface names in NAT configuration causes invalid warnings``
|
||
* :vytask:`T6377` ``PermissionError on /config/auth/letsencrypt/live/ when running show pki``
|
||
* :vytask:`T6400` ``pki: unable to generate fingerprint for ACME issued certificates``
|
||
* :vytask:`T6402` ``Invalid variables referenced in reverse proxy validation``
|
||
* :vytask:`T6404` ``Include constraintGroup element in reference tree``
|
||
* :vytask:`T6407` ``Generate ipsec profile error``
|
||
* :vytask:`T6419` ``reverse-proxy: full CA chain is not build when verifying backend server``
|
||
* :vytask:`T6421` ``host-name has no explicit priority to be set on system boot``
|
||
|
||
**Other resolved issues**
|
||
|
||
|
||
* :vytask:`T1981` ``Allow route-map 'set src' to reference both IPv4 and IPv6``
|
||
* :vytask:`T3493` ``DHCPv6 does not have prefix range validation``
|
||
* :vytask:`T4519` ``DHCPv6: "set show dhcpv6 server leases" should show DUID instead of IAID_DUID``
|
||
* :vytask:`T4909` ``Rewrite the NTP op mode in the new format``
|
||
* :vytask:`T5351` ``VyOS deployed with cloud-init improperly saves config.boot``
|
||
* :vytask:`T6022` ``set system image default-boot``
|
||
* :vytask:`T6048` ``Exception in event handler script``
|
||
* :vytask:`T6328` ``Add a warning message about deprecation of web proxy URL filtering``
|
||
* :vytask:`T6333` ``non-free-firmware to trixie``
|
||
* :vytask:`T6345` ``Source NAT Port Mapping setting of Fully-Random is superfluous in Kernels 5.0 onwards``
|
||
* :vytask:`T6346` ``Boot to multi-user.target instead of graphical.target``
|
||
* :vytask:`T6358` ``Container config option to enable host pid``
|
||
* :vytask:`T6367` ``op-mode: commit-archive: TypeError: attribute name must be string, not 'NoneType'``
|
||
* :vytask:`T6383` ``Incorrect completion for rollback-soft``
|
||
* :vytask:`T6384` ``rollback-soft should tell the user to compare and commit``
|
||
* :vytask:`T6391` ``load-balancing reverse-proxy: typo in timeout help``
|
||
* :vytask:`T6396` ``MINOR Typo: set system conntrack timeout custom ipv4 rule X``
|
||
* :vytask:`T6409` ``Remove unused parameter node from reverse-proxy backend``
|
||
|
||
1.4.0-epa3 (14th May 2024)
|
||
==========================
|
||
|
||
**Security**
|
||
|
||
|
||
* :vytask:`T6324` ``CVE-2024-2961``
|
||
|
||
|
||
**Configuration syntax changes (automatically migrated)**
|
||
|
||
|
||
* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options``
|
||
* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"``
|
||
* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"``
|
||
* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config``
|
||
* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta``
|
||
|
||
**New features and improvements**
|
||
|
||
|
||
* :vytask:`T4309` ``Support network/address-groups and ipv6-network/ipv6-address-groups in "conntrack ignore"``
|
||
* :vytask:`T4903` ``Support IPv6 addresses in "set system conntrack ignore"``
|
||
* :vytask:`T5364` ``Make it possible to set the PADO delay to 0``
|
||
* :vytask:`T6127` ``Ability to view logs for rules with Offload not functional``
|
||
* :vytask:`T6133` ``Add domain-name to commit-archive``
|
||
* :vytask:`T6143` ``Increase configuration timeout range for service config-sync``
|
||
* :vytask:`T6154` ``Installer should ask for password twice``
|
||
* :vytask:`T6161` ``Add support for displaying container image data in JSON``
|
||
* :vytask:`T6162` ``ixgbe: Add 1000BASE-BX support``
|
||
* :vytask:`T6171` ``Rename the DHCP server "failover" command to "high-availability mode"``
|
||
* :vytask:`T6176` ``image-tools: rationalize setting of console type``
|
||
* :vytask:`T6184` ``image-tools: add op-mode command to set default boot console type``
|
||
* :vytask:`T6192` ``Support running SSH server in more than one VRF``
|
||
* :vytask:`T6226` ``Add "tcp-requece inspect-delay" to reverse proxy``
|
||
* :vytask:`T6257` ``Add op mode commands for dynamic firewall address groups``
|
||
* :vytask:`T6258` ``Add IPv6 base-reachable-time option to interfaces``
|
||
* :vytask:`T6260` ``image-tools: remove the image directory if it fails to install due to insufficient drive space``
|
||
* :vytask:`T6267` ``Improve commit failure messages for wireless interface configuration``
|
||
* :vytask:`T6278` ``Attempt hint for console type during image install``
|
||
* :vytask:`T6291` ``Add op mode commands for displaying LACP information for bonding interfaces``
|
||
* :vytask:`T6306` ``EVPN-MH - missing options in uplink ports``
|
||
|
||
**Bug fixes**
|
||
|
||
|
||
* :vytask:`T2590` ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c``
|
||
* :vytask:`T3655` ``NAT doesn't work correctly with VRF``
|
||
* :vytask:`T4718` ``DHCP server listen-address doesn't take effect if the interface is in a VRF``
|
||
* :vytask:`T5164` ``op cmd: "show dhcp server leases state" with available options does not show any result``
|
||
* :vytask:`T5862` ``Default MTU is not acceptable in some environments``
|
||
* :vytask:`T5875` ``login: removing and re-adding a user keeps the home directory but changes the UID, thus SSH keys no longer work``
|
||
* :vytask:`T5996` ``Incorrect behavior for backslash escapes in config save and compare commands``
|
||
* :vytask:`T6082` ``BGP doesn't allow the same local AS and remote AS in peer groups``
|
||
* :vytask:`T6085` ``VTI interfaces are in UP state by default``
|
||
* :vytask:`T6089` ``[1.3.6->1.4.0-epa1 Migration] "ospf passive-interface default" incorrectly added``
|
||
* :vytask:`T6090` ``Migration of "policy route" configs fails due to TCP flag case sensitivity``
|
||
* :vytask:`T6100` ``NAT config migration error in 1.4.0-epa1 if invalid address/network defined in 1.3.6 version``
|
||
* :vytask:`T6106` ``Improve the commit error message for the case when route-reflector-client option is defined in a peer-group``
|
||
* :vytask:`T6119` ``Use a compliant TOML parser``
|
||
* :vytask:`T6130` ``[1.3.6->1.4.0-epa2 Migration] BGP "set community" missing``
|
||
* :vytask:`T6131` ``Disabling openvpn interface(s) causes OSPF to fail to load on reboot``
|
||
* :vytask:`T6136` ``Configuring a dynamic address group, config script did not check whether the group was created``
|
||
* :vytask:`T6138` ``Conntrack table op-mode fails with flowtable offload entries``
|
||
* :vytask:`T6145` ``Service config-sync does not rely on priorities``
|
||
* :vytask:`T6147` ``Conntrack not working as expected with global state-policy``
|
||
* :vytask:`T6149` ``Update node_data when merging nodes in reference tree generation``
|
||
* :vytask:`T6152` ``Kernel panic for ZimaBoard 232``
|
||
* :vytask:`T6160` ``Unhandled exception when configuring IS-IS``
|
||
* :vytask:`T6165` ``grub: vyos-grub-update failed to start on "slow" systems``
|
||
* :vytask:`T6167` ``VNI not set on VRF after reboot``
|
||
* :vytask:`T6168` ``"add system image" does not set the default boot image to the current console type in compatibility mode``
|
||
* :vytask:`T6169` ``DNS forwarding configuration rejects underscores in SRV records``
|
||
* :vytask:`T6173` ``Build Causes Errors When "--version" Contains Slashes ("/")``
|
||
* :vytask:`T6175` ``op-mode: "renew dhcp interface <name>" does not check if it's an actual DHCP interface``
|
||
* :vytask:`T6178` ``reverse-proxy doesn't check that a certificate exists at set time``
|
||
* :vytask:`T6179` ``Incorrect HAProxy config generated for reverse-proxy rules with url-path``
|
||
* :vytask:`T6186` ``'set system image default-boot' fails to find images that actually do exist in the system``
|
||
* :vytask:`T6189` ``BGP L3VPN connectivity is broken after re-enabling VRF``
|
||
* :vytask:`T6191` ``Policy route set-mss option is not working correctly``
|
||
* :vytask:`T6193` ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces``
|
||
* :vytask:`T6196` ``route-map and summary-only do not work in BGP aggregation at the same time``
|
||
* :vytask:`T6197` ``Validation error in the IPoE server interface client-subnet option``
|
||
* :vytask:`T6202` ``Multi-Protocol BGP is broken by 6PE patch in upstream FRR 9.1``
|
||
* :vytask:`T6205` ``ipoe: error in migration script logic while renaming mac-address to mac``
|
||
* :vytask:`T6206` ``L2tp smoketest fails if vyos-configd is running``
|
||
* :vytask:`T6207` ``image-tools: restore ability to copy config.boot.default on image install``
|
||
* :vytask:`T6213` ``Validations in firewall groups mistakenly reject correct configurations``
|
||
* :vytask:`T6216` ``Firewall group names that contain the '+' character break the config``
|
||
* :vytask:`T6218` ``Container network interface in VRF fails to generate IPv6 link-local address``
|
||
* :vytask:`T6221` ``Enabling VRF breaks connectivity``
|
||
* :vytask:`T6222` ``VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters``
|
||
* :vytask:`T6241` ``Updating CRL in "pki" config does not update OpenVPN``
|
||
* :vytask:`T6243` ``Update vyos-http-api-tools for package idna security advisory``
|
||
* :vytask:`T6250` ``"policy route-map set table" cannot be deleted from the rule``
|
||
* :vytask:`T6252` ``GRE tunnels don't allow configuring MTU larger than 8024``
|
||
* :vytask:`T6255` ``Static table description should not contain white-space``
|
||
* :vytask:`T6263` ``Commit failures when trying to set an IGMP group with source address on an interface``
|
||
* :vytask:`T6269` ``Polixy route "set table" option is not working correctly``
|
||
* :vytask:`T6272` ``PPPoE configuration does not load after deleting a PPPoE interface from the system``
|
||
* :vytask:`T6276` ``Do not call config dependencies on script error``
|
||
* :vytask:`T6283` ``Cannot delete as-path prepend from policy when it contains more than one AS``
|
||
* :vytask:`T6284` ``IPoE server op mode commands do not show IPv6 addresses``
|
||
* :vytask:`T6299` ``Building VyOS (Dockerized) current ISO fails dues to unmet dependencies podman : Depends: libgpgme11t64 (>= 1.4.1) but it is not installable``
|
||
* :vytask:`T6305` ``IPoE interface wildcard validation error in firewall rules``
|
||
* :vytask:`T6307` ``procps is missing from vyos-1x build dependencies``
|
||
* :vytask:`T6317` ``VLAN doesn't work on a bridge with a wireless interface member``
|
||
* :vytask:`T6329` ``Firewall - Error while printing groups``
|
||
|
||
**Other resolved issues**
|
||
|
||
|
||
* :vytask:`T4516` ``Rewrite system image manipulation tools in Python``
|
||
* :vytask:`T5535` ``Move disable-directed-broadcast to firewall global-options``
|
||
* :vytask:`T6146` ``Add python script to get all priorities of service or section from XML``
|
||
* :vytask:`T6159` ``"show openvpn server" prints a superfluous "OpenVPN status on vtunx" message for every client connection``
|
||
* :vytask:`T6180` ``Add application of mask to configtree``
|
||
* :vytask:`T6185` ``Simplify marshalling of section and config data for config-sync``
|
||
* :vytask:`T6187` ``Use correct CPU counts adjusted for SMT when necessary``
|
||
* :vytask:`T6195` ``dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1``
|
||
* :vytask:`T6198` ``configverify: add common helper for PKI certificate validation``
|
||
* :vytask:`T6203` ``Remove references to the obsolete vyos.xml module (superseded by vyos.xml_ref)``
|
||
* :vytask:`T6208` ``container: rename "cap-add" CLI node to "capability"``
|
||
* :vytask:`T6234` ``PPPoE-server pado-delay refactoring``
|
||
* :vytask:`T6245` ``Unhandled exception in "show openvpn server"``
|
||
* :vytask:`T6295` ``netns: disable incomplete support in VyOS 1.4 sagitta``
|
||
* :vytask:`T6327` ``Drop boot console type ttyUSB (USB serial)``
|
||
* :vytask:`T6330` ``release.pref.chroot indentation broken``
|
||
|
||
1.4.0-epa2 (15th March 2024)
|
||
============================
|
||
|
||
|
||
|
||
**Configuration syntax changes (automatically migrated)**
|
||
|
||
|
||
* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping``
|
||
|
||
**New features and improvements**
|
||
|
||
|
||
* :vytask:`T4977` ``Babel routing protocol support``
|
||
* :vytask:`T5504` ``Make it possible to set more than one peer-address in unicast VRRP``
|
||
* :vytask:`T5530` ``Add LFA to IS-IS``
|
||
* :vytask:`T5631` ``Ability to export the current configuration in JSON format``
|
||
* :vytask:`T5717` ``ospfv3 - add allow to set metric-type to ospf redistribution while frr docs says its possible.``
|
||
* :vytask:`T5772` ``Require HTTPS API server configurations to include at least one key if key-based auth is used``
|
||
* :vytask:`T5781` ``Add ability to add additional minisign keys``
|
||
* :vytask:`T6057` ``Add ability to disable syslog for conntrackd``
|
||
* :vytask:`T6060` ``op-mode: container: support removing all container images at once``
|
||
* :vytask:`T6087` ``ospfv3: add support to redistribute IS-IS routes``
|
||
|
||
**Bug fixes**
|
||
|
||
|
||
* :vytask:`T2998` ``SNMP v3 oid "exclude" option doesn't work``
|
||
* :vytask:`T4270` ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service``
|
||
* :vytask:`T5121` ``Incorrect "architecture" config loaded``
|
||
* :vytask:`T5646` ``QoS policy limiter broken if class without match``
|
||
* :vytask:`T5909` ``Container registry with authentication prevents config load (section container) after reboot``
|
||
* :vytask:`T6004` ``Missing RPKI boot priority prevents it from loading``
|
||
* :vytask:`T6020` ``VRRP health-check script is not applied correctly in keepalived.conf``
|
||
* :vytask:`T6054` ``load-balancing wan - doesn't configure a list of ports``
|
||
* :vytask:`T6055` ``PKI error: "failed to install x value" when executed the command from conf mode``
|
||
* :vytask:`T6061` ``connection-status nat destination firewall filter not working in 1.4.0-epa1``
|
||
* :vytask:`T6069` ``HTTP API segfault during concurrent configuration requests``
|
||
* :vytask:`T6070` ``bnx2x NIC causes a commit error due to incorrect implementation of EEE status reading``
|
||
* :vytask:`T6073` ``Conntrack/NAT not being disabled when VRFs are defined``
|
||
* :vytask:`T6074` ``container: do not allow deleting images which have a container running``
|
||
* :vytask:`T6079` ``dhcp: migration fails for duplicate static-mapping``
|
||
* :vytask:`T6081` ``QoS policy shaper target and interval wrong calcuations``
|
||
* :vytask:`T6084` ``OpenNHRP DMVPN configuration file clean after reboot if we have any IPSec configuration``
|
||
* :vytask:`T6086` ``NAT does not work with network-groups``
|
||
* :vytask:`T6093` ``Incorrect dhcp-options vendor-class-id regex``
|
||
* :vytask:`T6096` ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router``
|
||
* :vytask:`T6098` ``Description doesnt seem to allow for non international characters``
|
||
* :vytask:`T6104` ``Regression in commit-archive for non-interactive configuration``
|
||
* :vytask:`T6107` ``Nginx does not allow big config queries for configure endpoint API``
|
||
* :vytask:`T6141` ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure``
|
||
|
||
**Other resolved issues**
|
||
|
||
|
||
* :vytask:`T2199` ``Rewrite firewall in new XML/Python style``
|
||
* :vytask:`T5738` ``Extend XML building blocks``
|
||
* :vytask:`T5870` ``ipsec remote access VPN: add x509 ("pubkey") authentication``
|
||
* :vytask:`T5959` ``Streamline dns forwarding service``
|
||
* :vytask:`T6071` ``firewall: CLI description limit of 256 characters cause config upgrade issues``
|
||
* :vytask:`T6075` ``Applying firewall rules with a non-existent interface group``
|
||
* :vytask:`T6077` ``banner: implement ASCII contest winner default logo``
|
||
* :vytask:`T6083` ``ethtool: move string parsing to JSON parsing``
|
||
* :vytask:`T6095` ``Tab completion for "set interfaces wireless wlan0 country-code" incorrect country "uk"``
|
||
* :vytask:`T6214` ``Error when using some constraints``
|
||
|
||
1.4.0-epa1 (22th February 2024)
|
||
===============================
|
||
|
||
**Security**
|
||
|
||
|
||
* :vytask:`T4915` ``Minisign verification failure == pass??``
|
||
|
||
**Breaking changes**
|
||
|
||
|
||
* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs``
|
||
|
||
**Configuration syntax changes (automatically migrated)**
|
||
|
||
|
||
* :vytask:`T1991` ``Rework time services``
|
||
* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest``
|
||
|
||
**New features and improvements**
|
||
|
||
|
||
* :vytask:`T160` ``Support NAT64``
|
||
* :vytask:`T1991` ``Rework time services``
|
||
* :vytask:`T4221` ``Add a template filter for converting scalars to single-item lists``
|
||
* :vytask:`T4883` ``Add a description field for routing tables``
|
||
* :vytask:`T4940` ``Interface debugging``
|
||
* :vytask:`T5122` ``Move "archive-areas" to defaults.toml to support "non-free-firmware" repository``
|
||
* :vytask:`T5418` ``Allow arbitrary subnets in PPPoE client IP pools``
|
||
* :vytask:`T5449` ``Add options for TCP MSS probing``
|
||
* :vytask:`T5497` ``Add ability to resequence rule numbers for firewall``
|
||
* :vytask:`T5615` ``Narrow down spurious name conflict with mdns``
|
||
* :vytask:`T5877` ``Reduce unnecessary nesting in system domain-search path and improve smoketest``
|
||
* :vytask:`T5965` ``WWAN modems using raw-ip do not work with dhclient/dhcp6c``
|
||
* :vytask:`T5972` ``login: add possibility to disable individual local user accounts``
|
||
|
||
**Bug fixes**
|
||
|
||
|
||
* :vytask:`T2113` ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping``
|
||
* :vytask:`T2700` ``Redirecting traffic from PPPoE interface to IFB fails``
|
||
* :vytask:`T2801` ``conntrack-tools flooding logs``
|
||
* :vytask:`T3681` ``The VMware Tools resume script did not run successfully in this virtual machine.``
|
||
* :vytask:`T3774` ``atop logs are not limited in size``
|
||
* :vytask:`T3902` ``Firewall does not load on boot, address-group not found, even though it exists``
|
||
* :vytask:`T4796` ``build-vyos-image ignores multiple options``
|
||
* :vytask:`T5239` ``Host name and domain name missing from the FRR configuration``
|
||
* :vytask:`T5245` ``Wireless interfaces do not get IPv6 link-local address assigned``
|
||
* :vytask:`T5376` ``Conntrack FTP helper does not work properly``
|
||
* :vytask:`T5890` ``OTP key generation is broken``
|
||
* :vytask:`T5926` ``IPSEC does not apply after l2tp configuration was changed``
|
||
* :vytask:`T5977` ``nftables: Operation not supported when using match-ipsec in outbound firewall``
|
||
* :vytask:`T6005` ``Error on adding a wireguard interface to OSPFv3``
|
||
* :vytask:`T6043` ``VxLAN and bridge error bug``
|
||
* :vytask:`T6056` ``Applying 'system static-host-mapping' command calls unnecessary snmpd restart``
|
||
* :vytask:`T6064` ``Can not build VyOS if repository it not cloned to a branch``
|
||
|
||
**Other resolved issues**
|
||
|
||
|
||
* :vytask:`T671` ``Identify and remove dead code``
|
||
* :vytask:`T874` ``Support for Two Factor Authentication for CLI access via Google Authenticator/OTP``
|
||
* :vytask:`T1311` ``WAN load-balancing can't flush connections when conntrack-sync is enabled``
|
||
* :vytask:`T1436` ``Config entries with default values do not correctly show as changed``
|
||
* :vytask:`T1487` ``DNS (pdns_recursor) stats logs not saved to disk``
|
||
* :vytask:`T2433` ``Improve CLI value validator performance``
|
||
* :vytask:`T3337` ``Add possibility to serve static DNS zones from the router``
|
||
* :vytask:`T3471` ``DHCP hook is not able to detect all running DHCP instances``
|
||
* :vytask:`T3474` ``Revisit storing syntax version of interface definitions in XML file``
|
||
* :vytask:`T3522` ``policy based routing not working``
|
||
* :vytask:`T3574` ``Add constraintGroup for combining validators with logical AND``
|
||
* :vytask:`T3642` ``PKI configuration``
|
||
* :vytask:`T3722` ``op-mode IPSec show vpn ike sa always shows L-TIME 0``
|
||
* :vytask:`T3766` ``containers: Expanding options for networking and building containers``
|
||
* :vytask:`T4723` ``Error when issuing 'show flow-accounting interface pppoe0'``
|
||
* :vytask:`T4761` ``Add a generic URL validator``
|
||
* :vytask:`T4795` ``Cleanup custom python validators``
|
||
* :vytask:`T4951` ``Add an op mode exception for cases when operations fail due to insufficient system resources``
|
||
* :vytask:`T5109` ``Improve OCaml XML validator``
|
||
* :vytask:`T5195` ``Break up the vyos.util module``
|
||
* :vytask:`T5348` ``Service config-sync can freeze the secondary router if it has commit-archive location``
|
||
* :vytask:`T5605` ``Do not generate keysize option in OpenVPN configs``
|
||
* :vytask:`T5754` ``Update to StrongSwan 5.9.11``
|
||
* :vytask:`T5846` ``Refactor and simplify DUID definition in conf-mode``
|
||
* :vytask:`T5903` ``NHRP don´t start on reboot from version 1.5-rolling-202401010026``
|
||
* :vytask:`T6001` ``Add option to enable resolve-via-default``
|
||
* :vytask:`T6015` ``"journalctl_charon" file does not contain data in the generated "ipsec debug-archive" file``
|
||
* :vytask:`T6050` ``Wrong scripting commands descriptions in accel-ppp services``
|
||
* :vytask:`T6078` ``Update ethtool to 6.6``
|