Good day folks,Lots of third party security updates, plugin updates and minor enhancements in overall system reliability.In other news the firewall alias API has been finished in the development version. If you use the development version you cannot go back to the production version until the API has been released there as well, which is probably 18.7.3 so not too far away. We are happy about all reports of the new alias pages and API usability.We will soon begin the migration work for FreeBSD 11.2 for 19.1, but please keep in mind that we will be issuing security advisories to 11.1 when they arise even beyond the original end of life policy.Here are the full patch notes:o system: select correct network interface in case of IPv6 gateway lookupso system: tighten system wizard ACL and menu registrationo system: do not wrap first column of log viewer (contributed by Alexander Graf)o firewall: return alias types to repair its outbound NAT rule edito firewall: hide NAT redirect target port when port is not applicableo firewall: alias API is now live on the development version and will migrate your aliases to the new formato interfaces: allow explicit MTU to reach the 6RD deviceo interfaces: remove use of adv_dhcp6_prefix_interface_statement_sla_id (contributed by Team Rebellion)o interfaces: fix for DHCPv6 not being restarted for tracked interfaces (contributed by Team Rebellion)o interfaces: fix adding interfaces LAN bug of translated web GUI (contributed by Werner Fischer)o interfaces: remove incorrect display of prefix ID in help text for tracking configurationo interfaces: add groups to interface details outputo interfaces: remove unused code and other nonfunctional cleanupso interfaces: use "x" in the list widget for no carriero interfaces: hide global IPv6 address in list widget if DHCPv6 is set to use only a prefixo dhcp: remove unused inputs from static mapping pageo dhcp: treat EFI BC the same as EFI x86-64 (contributed by andi-makandra)o ipsec: add automatic key exchange optiono openvpn: fix /32 host validation logico openvpn: clean up control sockets prior to startupo openvpn: align user authentication to use common_name as usernameo mvc: add iterateItems() method to base field type to simplify call flowo mvc: fix configd asList helper (contributed by Fabian Franz)o mvc: add configd XML attributes to template parsero ui: allow version query to match on main.css probingo ui: footer cleanups and static page repairs where boxing was not correcto ui: no minified version for tokenize2o ui: fix table headers in dialogs (contributed by Fabian Franz)o plugins: os-bind 1.1 adds 3 DNSBL providers (contributed by Michael Muenz)o plugins: os-freeradius 1.8.0 adds basic SQLite support (contributed by Michael Muenz)o plugins: os-haproxy 2.8[1] (contributed by Frank Wall)o plugins: os-nginx 1.0 (contributed by Fabian Franz)o plugins: os-postfix 1.5 allow empty destination in transport (contributed by Michael Muenz)o plugins: os-telegraf 1.5.1 adds ElasticSearch output and disk ignore fix (contributed by Michael Muenz)o plugins: os-theme-rebellion 1.4 style fixeso src: L1 terminal fault (L1TF) kernel information disclosure[2]o src: resource exhaustion in IP fragment reassembly[3]o ports: ntp 4.2.8p12[4]o ports: openssl 1.0.2p[5]o ports: phalcon 3.4.1[6]o ports: php 7.1.21[7]o ports: sudo 1.8.24[8]o ports: wpa_supplicant security updates[9]Stay safe,Your OPNsense team--[1] https://github.com/opnsense/plugins/pull/772 [2] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:09.l1tf.asc [3] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc [4] http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities [5] https://www.openssl.org/news/cl102.txt [6] https://github.com/phalcon/cphalcon/releases/tag/v3.4.1 [7] http://php.net/ChangeLog-7.php#7.1.21 [8] https://www.sudo.ws/stable.html [9] https://w1.fi/security/2018-1/