VyOS Networks Blog

Building an open source network OS for the people, together.

VyOS 1.3.6 maintenance release

Daniil Baturin
Posted 14 Feb, 2024

Hello, community!
The VyOS 1.3.6 LTS release is here — with many bug fixes and security updates. The most important are fixes for denial-of-service vulnerabilities in the HTTPS API server and the web proxy, and more.

Security

Bug fixes

  • The run restart VPN command works correctly again (T5715).
  • run show OpenVPN servers no longer fails with an exception if executed at a moment when the tunnel IP address is not set (T5817).
  • Dynamic DNS client now correctly works on VLAN interfaces (T5852).
  • Fixed an issue that could make USB serial console stop working (T4646).
  • The WireGuard configuration syntax migration scripts now correctly handle configs with a default private key (T5924).
  • Deleting configuration of an entire Ethernet interface now correctly deletes all its child VIF links from the kernel (T4638).

Behavior changes

  • Various HTTPS security headers for the OpenConnect VPN are enabled by default now (T5796). Please let us know if you notice any unusual or undesirable effects from this change!

New features

VRRP gratuitous ARP parameters

It's now possible to explicitly tune GARP parameters in VRRP to help hosts update their ARP tables quickly when a backup router becomes active.


set high-availability vrrp global-parameters garp interval '1.334'
set high-availability vrrp global-parameters garp master-delay '4'
set high-availability vrrp global-parameters garp master-refresh '5'
set high-availability vrrp global-parameters garp master-repeat '7'
set high-availability vrrp global-parameters garp master-refresh-repeat '6'
set high-availability vrrp group ETH0 garp master-delay '11'
set high-availability vrrp group ETH0 garp master-refresh '12'
set high-availability vrrp group ETH0 garp master-repeat '14'
set high-availability vrrp group ETH0 garp master-refresh-repeat '13'

Other features

  • Minimum TTL option for BFD: set protocols bfd peer minimum-ttl <1-254> (T5967).

That's all for now, but 1.3.6 is certainly not the last release in the 1.3.x LTS series — we plan to support it for at least one more year.
