Security Release
Image Version: 8-23.05.3-ns.1.0.1
This is an important security release for NethSecurity. This update addresses a critical security vulnerability and includes several essential bug fixes and feature enhancements.
Security Vulnerability Addressed
- GHSA-74xv-ww67-jjpx (disclosure will be published on 2024-06-20)
Note: No known attacks exploiting this vulnerability are currently known in the wild.
Other Bug Fixes
- Ipsec: fix non working tunnel if selected WAN is a PPPoE over vlan
- MultiWAN: force maximum length for rules and policies names
- OpenVPN Road Warrior: prevent creation of users with trailing spaces
- Inventory: improve data collection for subscriptions and network
- Migration: fix OpenVPN Road Warrior users not visible in UI after migration
- API server: improved stability and performance by optimizing boot order for proper startup at boot time
How to Update NethSecurity
Users can update their machines directly from the UI:
- Navigate to the “Updates” page
- Click on the “Check for fixes” button
- Apply all updates
Make sure the ns-ui package version is >= 1.0.1.
Alternatively, users can upgrade the installation using the new image provided. or using the image-based upgrade procedure from the UI:
We strongly recommend all users to apply this update as soon as possible to ensure the security and stability of their systems.
NS8 Controller
The issue affects also NethServer 8 Controller application.
An update has been already release.
Make sure to have installed version >= 0.0.20.
How to update the controller
Users can update their instances from the Software Center:
- Access the NethServer 8 cluster user interfac
- Go to the Software Center and click “Reload repositories” button
- Update all NethSecurity instances