1.2.6-S1

1.2.6-S1 is a security release release made in September 2020.

Resolved issues

VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It’s a low- impact vulnerability in the PowerDNS recursor that allows an attacker to cause performance degradation via a specially crafted authoritative DNS server reply.

  • T2899 remote syslog server migration error on update

1.2.6

1.2.6 is a maintenance release made in September 2020.

Resolved issues

  • T103 DHCP server prepends shared network name to hostnames
  • T125 Missing PPPoE interfaces in l2tp configuration
  • T1194 cronjob is being setup even if not saved
  • T1205 module pcspkr missing
  • T1219 Redundant active-active configuration, asymmetric routing and conntrack-sync cache
  • T1220 Show transceiver information from plugin modules, e.g SFP+, QSFP
  • T1221 BGP - Default route injection is not processed by the specific route-map
  • T1241 Remove of policy route throws CLI error
  • T1291 Under certain conditions the VTI will stay forever down
  • T1463 Missing command show ip bgp scan appears in command completion
  • T1575 show snmp mib ifmib crashes with IndexError
  • T1699 Default net.ipv6.route.max_size 32768 is too low
  • T1729 PIM (Protocol Independent Multicast) implementation
  • T1901 Semicolon in values is interpreted as a part of the shell command by validators
  • T1934 Change default hostname when deploy from OVA without params.
  • T1938 syslog doesn’t start automatically
  • T1949 Multihop IPv6 BFD is unconfigurable
  • T1953 DDNS service name validation rejects valid service names
  • T1956 PPPoE server: support PADO-delay
  • T1973 Allow route-map to match on BGP local preference value
  • T1974 Allow route-map to set administrative distance
  • T1982 Increase rotation for atop.acct
  • T1983 Expose route-map when BGP routes are programmed in to FIB
  • T1985 pppoe: Enable ipv6 modules without configured ipv6 pools
  • T2000 strongSwan does not install routes to table 220 in certain cases
  • T2021 OSPFv3 doesn’t support decimal area syntax
  • T2062 Wrong dhcp-server static route subnet bytes
  • T2091 swanctl.conf file is not generated properly is more than one IPsec profile is used
  • T2131 Improve syslog remote host CLI definition
  • T2224 Update Linux Kernel to v4.19.114
  • T2286 IPoE server vulnerability
  • T2303 Unable to delete the image version that came from OVA
  • T2305 Add release name to “show version” command
  • T2311 Statically configured name servers may not take precedence over ones from DHCP
  • T2327 Unable to create syslog server entry with different port
  • T2332 Backport node option for a syslog server
  • T2342 Bridge l2tpv3 + ethX errors
  • T2344 PPPoE server client static IP assignment silently fails
  • T2385 salt-minion: improve completion helpers
  • T2389 BGP community-list unknown command
  • T2398 op-mode “dhcp client leases interface” completion helper misses interfaces
  • T2402 Live ISO should warn when configuring that changes won’t persist
  • T2443 NHRP: Add debugging information to syslog
  • T2448 monitor protocol bgp subcommands fail with ‘command incomplete’
  • T2458 Update FRR to 7.3.1
  • T2476 Bond member description change leads to network outage
  • T2478 login radius: use NAS-IP-Address if defined source address
  • T2482 Update PowerDNS recursor to 4.3.1 for CVE-2020-10995
  • T2517 vyos-container: link_filter: No such file or directory
  • T2526 Wake-On-Lan CLI implementation
  • T2528 “update dns dynamic” throws FileNotFoundError excepton
  • T2536 “show log dns forwarding” still refers to dnsmasq
  • T2538 Update Intel NIC drivers to recent release (preparation for Kernel >=5.4)
  • T2545 Show physical device offloading capabilities for specified ethernet interface
  • T2563 Wrong interface binding for Dell VEP 1445
  • T2605 SNMP service is not disabled by default
  • T2625 Provide generic Library for package builds
  • T2686 FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series
  • T2701 vpn ipsec pfs enable doesn’t work with IKE groups
  • T2728 Protocol option ignored for IPSec peers in transport mode
  • T2734 WireGuard: fwmark CLI definition is inconsistent
  • T2757 “show system image version” contains additional new-line character breaking output
  • T2797 Update Linux Kernel to v4.19.139
  • T2822 Update Linux Kernel to v4.19.141
  • T2829 PPPoE server: mppe setting is implemented as node instead of leafNode
  • T2831 Update Linux Kernel to v4.19.142
  • T2852 rename dynamic dns interface breaks ddclient.cache permissions
  • T2853 Intel QAT acceleration does not work