Hey everyone,

Updates are slower than usual at the moment, but it is also relatively calm out there security-wise. While this finally ships Kea version 3 we are still working on the package manager version 2 and Suricata 8 with good results. Stay tuned!

Here are the full patch notes:

• system: fix reconfigure control on HA status page for small viewports
• system: add pluginctl -m and -v options for model migrations and validations calls
• system: add "power off" backend action to GUI cron options
• interfaces: replace MAC vendor database from py-netaddr with a simple local implementation
• interfaces: refactor getting both devices from interface in settings page
• interfaces: get both devices of interface in one call
• interfaces: fix flags display in interface overview detail
• firewall: treat "skip" protocol as a string to avoid syntax error
• firewall: improve alias parsing performance in diagnostics page
• intrusion detection: make grids virtual to fix performance issues
• kea-dhcp: honour IPv4 client specific reservation domain name option (contributed by NOYB)
• lang: new Ukrainian language and assorted updates
• monit: fix migration weirdness with run/post use
• unbound: add support for TXT records in host overrides
• backend: add "!" operator to execute and flush cache when it exists
• mvc: remove empty string fallbacks for backend invokes that are no longer needed
• mvc: more style changes on existing core models
• mvc: disable Dnsmasq/Unbound template generation
• mvc: remove getDescription() overlay in ModelRelationField
• ui: legacy_html_escape_form_data() was not escaping keys only data elements[1] (reported by Alex Williams from Pellera Technologies)
• ui: do not add an empty option into an empty option group
• ui: add datetime-local to field types
• plugins: os-caddy 2.0.4[2]
• plugins: os-netbird 1.1 fixes service startup and switches to syslog (contributed by Bethuel Mmbaga)
• plugins: os-theme-advanced 1.1 fixes styling issues on 25.7 (contributed by Jaka Prašnikar)
• plugins: os-zabbix-agent 1.17[3]
• plugins: os-zabbix-proxy 1.14[4]
• ports: dnspython 2.8.0[5]
• ports: kea 3.0.1[6]
• ports: libpfctl 0.17
• ports: lighttpd 1.4.82[7]
• ports: nss 3.116[8]
• ports: openvpn 2.6.15[9]
• ports: php 8.3.26[10]
• ports: py-requests 2.32.5
• ports: suricata 7.0.12[11]
• ports: unbound 1.24.0[12]

Stay safe,
Your OPNsense team