6.0-alpha2
-----
💥 Breaking Changes
• Based on the latest OpenWrt 21.02.3 release
• LuCI supports L2 and L3 configuration
• LTS kernel 5.15
• Foris removed (use reForis exclusively now)
🚀 New Features
• Morce (integrated IDS)
• Wi-Fi 6 cards supported
• Turris Auth (login gateway)
• Parental control (PaKon) now has a separate page
• New LEDs driver for all routers
• Dashboard in LuCI
• NetMetr supports measurement with IPv6 address
• Improved support for Turris 1.x routers
• New Device Tree
• PowerPC SPE utilized – should improve performance
• Knot Resolver by default
🐛 Bug Fixes
• Allow managing interfaces in reForis for Turris 1.x
• Fixed Ethernet ports numbering for Turris MOX in reForis
📌 Updates
• Python version 3.7 ➔ 3.9
• Lighttpd version ➔ 1.4.66
📦️ Other Changes
• Obsolete SIDN package feed dropped
5.4.2
-----
🐛 Bug Fixes
• Fixed collision with libgd
• Fixed collision with vim
📌 Updates
• Kernel to version 4.14.291
5.4.1
-----
🐛 Bug Fixes
• Fixed Unicode support in BusyBox
• Fixed showing Turris OS versioning mismatch
📌 Updates
• zlib to version 1.2.12
5.4.0
-----
💥 Breaking changes
• PHP update to version 7.4
🚀 New Features
• Timezone in email notifications
🐛 Bug Fixes
• reForis fix session handling when time is wrong
📌 Updates
• Nextcloud to version 21.0.9
• Unbound to version 1.16.2
• Kernel to version 4.14.290
5.3.11
-----
* Updated kernel to version 4.14.287
* Updated Knot Resolver to version 5.5.1
* Updated unbound to version 1.16.1
* Updated syslog-ng to version 3.37.1
* Updated bird2 to version 2.0.10
* Updated bind to version 9.16.30
* Updated wireguard to version 1.0.20220627
* Dropped moonjit in favor of upstream luajit package
* Improvement for switch-branch to prevent downgrades
* Fixed removing directories with local opkg install
* Security fixes
* netatalk
* FFmpeg
* libxml2
* OpenSSL
* beep
5.3.10
-----
* Added Sentinel device token in reForis
* Added PHY drivers for Turris 1.x routers
* Updated USB device database
* Updated RIPE Atlas SW probe
* Updated kernel to version 4.14.280
* Security fixes
* ecdsautils
* postgresql
5.3.9
-----
* Based on the latest OpenWrt 19.07.10
* Added SANE drivers
* Fixed expiration time for static leases in reForis
* Fixed Turris 1.x specific issue regarding interfaces management in reForis
* Updated ffmpeg to version 4.2.6 and added more decoders (fixes CVE-2020-22027)
* Updated BIND to version 9.16.28
* Updated Knot Resolver to version 5.5.0
* Updated kernel to version 4.14.277
* Security fixes
* wolfSSL
* Zabbix
* ruby
5.3.8
-----
* Updated kernel to version 4.14.275
* Multiple fixes for Turris 1.x routers
* Fixed Foris Controller with a single Wi-Fi card
* Force read-write to microSD card slot
* Updated OUI database for MAC addresses
5.3.7
-----
* Updated kernel to version 4.14.274
* Sentinel improvements
* Updated syslog-ng
* Fixed switch-branch and listing versions
* Security fixes
* bind
* OpenSSL
* zlib
* python3
5.3.6
-----
* Based on the latest OpenWrt 19.07.9
* Updated kernel to version 4.14.269
* Updated unbound, fosquitto, foris-forwarder
* Security fixes
* tcpdump
* MbedTLS
* hostapd
* wolfSSL
* expat
5.3.5
-----
* Updated kernel to version 4.14.264
* Updated several packages such as Knot Resolver, nano
* Additional fix for RTC on Turris 1.x routers
* Security fixes
* Prosody
* uriparser
* lighttpd
* ruby
* nss
5.3.4
-----
* Updated kernel to version 4.14.262
* Updated mac80211 to version 4.19.221
* Updated several packages such as zsh, domoticz
* Fixed RTC issue on Turris 1.x routers
* Fixed remote storages in schnapps
* Fixed initial SFP configuration for Turris MOX
* Security fixes
* PostgreSQL
* c-ares
5.3.3
-----
* Fixed network configuration in medkit for Turris Shield
* Updated Knot Resolver
5.3.2
-----
* Various fixes for migration from Turris OS 3.x
* Security fixes
* MariaDB
* icu
* Updated Knot Resolver, Unbound, and others
5.3.1
-----
* reForis
* Several bug fixes
* Updated translations
* Security fixes
* ffmpeg
* Updated Knot Resolver and lighttpd
5.3.0
-----
* Sentinel improvements
* Foris and reForis starts on demand
* Updated Nextcloud
5.2.7
-----
* Updated kernel and fixed mac80211 vulnerability - CVE-2020-3702
* Fixed git vulnerability - CVE-2021-21300
* Fixed BIND vulnerability - CVE-2021-25218
* Fixed tor vulnerabilities - CVE-2021-34548, CVE-2021-34549, and CVE-2021-34550
* Fixed HAProxy vulnerability - CVE-2021-40346
* Security updates for irssi, python3
* Re-add systemd workaround for LXC
5.2.6
-----
* Bring back https-dns-proxy for Turris MOX
* Security fixes
* OpenSSL
* file
* tar
* mc
* apr
5.2.5
-----
* Based on the latest OpenWrt 19.07.8
* Updated kernel to version 4.14.241
5.2.4
-----
* Fixed downloading LXC images
* Security fixes
* Python 3
* Candela Tech (ath10k-ct) drivers
* MariaDB
* Apache2
5.2.3
-----
* Fixed Nextcloud installation in Web UI
* Fixed AppStore in Nextcloud
5.2.2
-----
* reForis
* Add support for more extended Honeypot as a Service token
* Add support in Network Interfaces for Turris 1.x routers
5.2.1
-----
* reForis
* Several bug fixes
* Update translations
* Fixed dhparam generation for some OpenVPN server instances
5.2.0
-----
* New reForis features
* Overview tab
* Storage plugin with option for persistent system logs
* Factory reset from web interface
* Support for Honeypot as a Service (haas.nic.cz)
* Add option to change hostname in reForis
* Fix DHCP range configuration check
* A few design improvements
* WebApps: New graphical design with optional dark mode
* Turris MOX: Update firmware for SDIO card
* Add RIPE Atlas SW probe, common passwords as package lists
* Automatic installation of drivers for limited amount of LTE and DVB devices
5.1.10
-----
* Fixed Python3 vulnerabilities - CVE-2021-3177 and CVE-2021-23336
* Fixed Open vSwitch vulnerability - CVE-2020-35498
* Fixed screen vulnerability - CVE-2021-26937
* Fixed BIND vulnerability - CVE-2020-8625
5.1.9
-----
* Based on the latest OpenWrt 19.07.7
* Updated kernel to version 4.14.221
* Fixed Baron Samedit sudo vulnerability - CVE-2021-3156
* Fixed wolfSSL vulnerabilities - CVE-2021-3336 and CVE-2020-36177
5.1.8
-----
* Minor fixes in logging of dnsmasq
5.1.7
-----
* Based on the latest OpenWrt 19.07.6 version
* Security update for dnsmasq
* Fixes DNS vulnerabilities named DNSpooq
5.1.6
-----
* Fixed possible XSS issue in Foris next query parameter.
* Fixed syslog warning in resolver dynamic domain script.
5.1.5
-----
* Based on the latest OpenWrt 19.07.5 version
* Fix for OpenVPN client when filename has multiple dots or dashes
* Fixed bug in reForis in setting up custom mail server for notifications
* Improvements regarding Data Collection in migration script from Turris OS 3.x
5.1.4
-----
* Update DNS rules based on DNS Flag Day 2020
* Fixed issue in Netboot list while using opt-in migration from Turris OS 3.x
* Several other fixes
5.1.3
-----
* Fixed issue when CA for OpenVPN was not created in some cases
* Make factory reset on Turris Shield easier - long pressing RESET button does factory reset
5.1.2
-----
* Changed priority of port forwarding for data collect firewall to not overrule user's rules.
* Fixed issue with data collect firewall logs collecting in some cases causing high system load
5.1.1
-----
* Based on the latest OpenWrt 19.07.4
* Various security updates
5.1.0
-----
* Introduced new data collection system Sentinel
* reForis (future default web interface)
* Now installed by default
* Added NetMetr, OpenVPN client, and remote devices plugins
* Package lists
* Expanded with labels and additional options
* Added option to select alternative WiFi drivers
* Nextcloud updated to version 18
* Removed old Device Detection based on Suricata
5.0.4
-----
* Guest network on Turris MOX SDIO card is now supported
5.0.3
-----
* Updated WireGuard, Knot Resolver and Nextcloud
* Syslog-ng detect disabled IPv6 on loopback and fallback to IPv4
5.0.2
-----
* Hotfixed OpenSSL on Turris 1.x routers
* Knot Resolver DNSSEC root key is now read only (not periodically updated)
5.0.1
-----
* Improved experimental migration from Turris OS 3.x
* Prevent updates overwrite cron configuration file
* Add possibility to backup public key for RIPE Atlas probe
5.0.0
-----
* Based on latest OpenWrt 19.07 and Linux 4.14
* New features for reForis including remote control and snapshots integration
* Add secondary DNS servers and enable TLS for Google DNS
* Replaced Vixie-cron with cronie
* Webapps: Forward to HTTPS if possible
* Updater: Drop compatibility for releases before v4.0-beta2
* MOX: I2C-1 on GPIO pinheader is now enabled
4.0.6
-----
* updater: fix packages provides and modify virtual packages behavior
* kernel: updated to version 4.14.167
* zerotier: add /etc/config/zerotier as configuration file
* avrdude: fix GPIO path building
* mbedtls: updated to version 2.16.4
Fixes: CVE-2019-18222
* tiff: updated to version 4.1.0
Fixes: CVE-2019-14973, CVE-2019-17546, CVE-2019-7663, CVE-2019-6128
4.0.5
-----
* Based on the latest OpenWrt 18.06.6
* kernel: update to version 4.14.162
* python3: update to version 3.6.10
* wget: fix CVE-2019-5953
* unbound: update to version 1.9.6
* php7: update to version 7.2.26
Fixes: CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11050
* nano: update to version 4.7
* openssl: update to version 1.0.2u
* bird: update to version 1.6.8
* reforis: update to the latest development version, adds openvpn-plugin
* ffmpeg: update to version 4.0.5
Fixes: CVE-2019-12730, CVE-2019-17539, CVE-2019-17542
* e2fsprogs: fix CVE-2019-5094
* christmas: removed from default installation
4.0.4
-----
* Not found
4.0.3
-----
* Merry Christmas!
🔔🔔🔔
* kernel: updated to version 4.14.158
* foris-controller-subordinates-module: limit custom name length
* tvheadend: ensure the first setup works
* libvpx: fix CVE-2019-9232, CVE-2019-9325, CVE-2019-9371, CVE-2019-9433
* git: updated to version 2.16.6, fix multiple CVEs
4.0.2
-----
* Based on the latest OpenWrt 18.06.5
* added missing hardening package list
* fixed autodetection of router address in Foris OpenVPN
* irssi: updated to version 1.2.2, fix CVE-2019-15717
* sudo: updated to version 1.8.28p1, fix CVE-2019-14287
* bind: updated to version 9.11.13, fix CVE-2019-6477
* openldap: updated to version 2.4.48, fix CVE-2019-13565
* kernel: updated to version 4.14.156
* libpcap: updated to version 1.9.1, fix CVE-2019-1516{1,2,3,4,5}
* tcpdump: updated to version 4.9.3, fix multiple CVEs
* python: updated to version 2.7.17
* php7: updated to version 7.2.25, fix CVE-2019-11043, CVE-2019-11042
* mariadb: updated to version 10.4.10, fix CVE-2019-2974, CVE-2019-2938
* foris: updated to version 100.6
* foris-controller: updated to version 1.0.6
* python[3]-cryptography: fix CVE-2018-10903
* ustream-ssl: CVE-2019-5101, CVE-2019-5102
* unbound: updated to version 1.9.5, fix CVE-2019-18934
* haproxy: updated to version 1.8.23, fix CVE-2019-19330
* lxc: fix CVE-2019-5736
* tor: updated to version 4.1.6
* nano: updated to version 4.6
* libiconv: updated to version 1.16
* enable RTC NVMEM access for Turris 1.x
* luci-compat, lmdb: new packages
4.0.1
-----
* include eeprom drive in Omnia medkits (used in some tests)
* fix reForis dependencies
* expat: updated to version 2.2.9, fix CVE-2018-20843, CVE-2019-15903
* python[2,3]: fix CVE-2019-16056, CVE-2019-16935
* libgcrypt: fix CVE-2019-13627
* mosquitto: updated to version 1.5.9, fix CVE-2019-11779
* python-crypto: fix CVE-2013-7459 and CVE-2018-6594
* security fix for Foris translation
* unbound: update to version 1.9.4, fix CVE-2019-16866
* haveged: update to version 1.9.8
* nextcloud: update to version 16.0.5
* nano: update to version 4.5
* python3-pip: fix shebang
4.0
---
* experimental support for multiple drives in storage plugin
* hostapd: fix CVE-2019-16275
* zmq: fix CVE-2019-13132
* django: updated to version 1.8.19, fix CVE-2018-753{6,7}
4.0-beta11
----------
* mariadb: updated to version 10.4.8
4.0-beta10
----------
* haveged: updated to version 1.9.6
* keepalived: update to version 1.4.5, fix CVE-2018-19115
* lighttpd: updated to version 1.4.54, fix CVE-2019-11072
* libarchive: updated to version 3.4.0, multiple CVE fixes
* bind: updated to version 9.11.10, multiple CVE fixes
* dovecot: updated to version 2.2.36.4, fix CVE-2019-7524
* pigeonhole: updated to version 0.4.24.2, fix CVE-2019-11500
* nano: updated to version 4.4
* unbound: updated to version 1.9.3
* nextcloud: updated to version 16.0.4
* bzip2: fix CVE-2019-12900
* wget: fix CVE-2018-20483
* wolfssl: fix CVE-2018-16870, CVE-2019-13628
* iptables: fix CVE-2019-11360
* tar: fix CVE-2018-20482, CVE-2019-9923
* musl: fix CVE-2019-14697
* patch: fix CVE-2019-1363{6,8}
* apinger: updated to the latest git revision
* speedtest-netperf: new package
4.0-beta9
---------
* golang: fix for CVE-2018-1687{3,4,5}, CVE-2019-6486
* squid: update to version 3.5.28
* foris: fix AttributeError password_set
4.0-beta8
---------
* nextcloud: updated to version 16.0.3
* mariadb: updated to version 10.4.7
* unbound: updated to version 1.9.2
* nodogsplash: updated to version 4.0.1
* libaio: updated to version 0.3.112
* libdouble-conversion: updated to version 3.1.4
* subversion: fix for CVE-2018-11782, CVE-2019-0203, CVE-2018-11803
* kernel: fix for CVE-2019-3846, CVE-2019-3900
4.0-beta7
---------
* python3: updated to version 3.6.9
* python2: updated to version 2.7.16
* python{2,3}: fix for CVE-2018-20852
4.0-beta6
---------
* Based on latest OpenWrt 18.06.4
* Fixed Foris error manifesting in network tab in some configurations
* irssi: CVE-2019-13045
* asterisk{13,15}: fix AST-2019-003
4.0-beta5
---------
* Initial support for Nextcloud setup from Foris
* Storage plugin is now part of the base installation
* Added CESNET feed with Nemea
* znc: CVE-2019-12816
* Fixed kernel panic sometimes occurring on Omnia
4.0-beta4
---------
* foris: fixed issue when English was the only language
* php7: updated to 7.2.17
* libxml2: updated to 2.9.9, fixed CVE-2018-14404
* hostapd: fixed CVE-2019-949{4,5,6,7,8,9}, CVE-2019-11555
* block-mount: fix restart of fstab service
4.0-beta3
---------
* improved netboot to support remote management
* syslog-ng service stop fix
* updater: packages removal happens now at the same time as packages installation
* fosquitto: simplified init and respawn
* knot 2.7.7
* kernel: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
4.0-beta2
---------
* New implementation of dev-detect which does not depend on Pakon (experimental)
* Fixed default encryption method for passwd from package shadow. Reset your
system user's passwords (including root) if you set them by passwd.
* LXC fixes for systemd based hosts
* Foris: packages lists UI reworked
* Foris: improved "no link" message in WAN tab
* Netmetr: fixed initial setup
* Nextcloud: dropped duplicate Referrer-Policy and updated to 16.0.1
* Commit hash replaced with router name in banner
* Suricata updated to version 4.0.7
* kmod-usb2 is now part of base installation
* ACL enabled for BTRFS
* libxslt: CVE-2019-11068
* prosody: CVE-2018-10847
* python-urllib3: CVE-2019-9740, CVE-2019-11324
4.0-beta1
---------
* New version of updater-ng with completely rewritten network backend which
dramatically decreases memory consumption during update.
* Fixed problem in updater-supervisor which caused updater to behave as
deactivated even if user set it otherwise.
* Nextcloud updated to latest version (15.0.7)
* Fixed crash on time tab in Foris on devices without Wi-Fi
* switch-branch now reinstalls all packages on branch switch to mitigate problems
when switching to and from HBD (OpenWRT master <-> OpenWRT 18.06).
* Default setting of IPv6 in Foris is now DHCPv6
* Fixed IPv6 prefix delegation in default installation
* Foris now correctly displays steps in initial setup guide
* Fix rainbow in Luci on Omnia
* Do not use ath10k-ct on Omnia
* Improved LXC support and fixes (some issues still remain)
* System logs and lograte changed to limit logs size
* Added basic support for Turris OS 3.x migration
* Python3 updated to 3.6.8
* Repository path on repo.turris.cz changed (in compatible way)
* Production addresses for CZ.NICs ODVR including DNS over TLS support
4.0-alpha5
----------
* Fixed Foris updater tab crash on new installation
* Fixed crash when Pakon was invoked with empty database
* libssl2 CVE fixes
* Mozilla IOT gateway updated to 0.6.0
* added uboot mkimage package
* Nextcloud updated to 15.0.5
* fixed some issues with peridot and sfp
4.0-alpha4
----------
* Fixed compilation of Tvheadend that was missing in alpha3
* Fixed problem with notifications containing _() if no language was installed
* atsha204 fix for potential security issue
4.0-alpha3
----------
* Added support for Mox OTP (command mox-otp)
* Fixed LEDs on Omnia (rainbow)
* SFP on Omnia can be now used by changing used device tree
* Updater-ng should now require less memory to update system
* Domains of DHCP clients in DNS were fixed
* Various packages updates and new Luci theme called Rosy
4.0-alpha2
----------
* Based on latest OpenWRT 18.06.2
* New Updater configuration (requires updater reconfiguration!)
* Packages lists cleaned up and some unmaintained ones were dropped
* New version of Foris with new backend bus based on MQTT
* Upstream versions for some primary packages were backported
* Fixed compilation for most of the packages
* And other small fixes in a lot of system utilities
4.0-alpha1
----------
* Rebased on latest OpenWRT
* Turris 1.x migrated to musl libc