BSD Commit Log Search

firmware: stop buffering in sed

Since cmd_output was made the generic filter for subscriptions
the update log showed signs of excessive buffering.  This brings
it back to where it was and also improves the old read case.

Condition should be OR for the ACL check

hostwatch: pin warning banner to enabled flag (#10368)

Closes https://github.com/opnsense/core/issues/10196

ui: style fixes

Firewall: Rules: LAN - fix for missing HTML escape

PR: CVE-2026-49131
(cherry picked from commit 37cc231a6844f343723be6ae1a84d73941a1b408)

dashboard / certificates - remove unused data-tooltip that is not properly escaped

PR: CVE-2026-49132
(cherry picked from commit 2e2a782102d4d2973580317545acf307d0a7e423)

network time: cleanse port option before use

This is also a continuation of 770480715b15.  Moving the validation
inside the respective function makes sense.  Also checking if the
name and expected file type is present before continuing.

Also bring in the PPS unlink() fix into GPS and always use the default
init string if nothing else given -- may be wrong but at least this
was the code intention only obscured by the wrong logic expression.

PR: GHSA-872g-g543-j37m
(cherry picked from commit 3183b3ed1fc0f66234b61143304e7ac0c57ba6f6)

network time: cleanse port option before use

This is also a continuation of 770480715b15.  Moving the validation
inside the respective function makes sense.  Also checking if the
name and expected file type is present before continuing.

Also bring in the PPS unlink() fix into GPS and always use the default
init string if nothing else given -- may be wrong but at least this
was the code intention only obscured by the wrong logic expression.

PR: GHSA-872g-g543-j37m

dashboard / certificates - remove unused data-tooltip that is not properly escaped

PR: CVE-2026-49132

Firewall: Rules: LAN - fix for missing HTML escape

PR: CVE-2026-49131

make sweep

Firewall: NAT: Set source NAT specific form and API call behind volt templating conditions

network time: small cleanups in ntpd_configure_gps()

(cherry picked from commit 95bedd865b0451128c1d4163010bf30682ab0293)

mvc: do not translate empty strings

PR: https://github.com/opnsense/core/issues/10369
(cherry picked from commit 92bdd548deaca699fc14651b1f20861f231d0968)

Firewall: NAT: Add setMode endpoint for saving the snat_mode via the reconfigureAct

system: sync ACL name

PR: https://github.com/opnsense/core/issues/9471
(cherry picked from commit 524440c0c66347bb50edbf691bb1633b7a350ead)

mvc: OptionField: allow empty values in options

This falls back to the key which isn't going to be translated
since it's likely a technical term or keyword.

Also translate the $subvalue which appears to have been missed
before.

(cherry picked from commit b187227683de93cb705d6290090aaa708354edf1)

kea: style sweep

(cherry picked from commit 7d52ccfe73e717fbce01819f395a6664d3bc2da0)

ui: override selectpicker defaults for translations (#10370)

(cherry picked from commit 7a82bb8ac39f57144df7223ee43be859aa68e05a)

mvc: unify migration message returns a bit

Mostly noticed due to "check log for details" which now in
most cases is not relevant since we use the verbose flag.

(cherry picked from commit cd2e12ed9f8255b9a022d208d2e9a72efe51a824)

System: Settings: Cron - disable mailto

PR: https://github.com/opnsense/core/issues/10246

(cherry picked from commit 1c5f6b9fcb72322f7983be066812b4b34121f39c)
(cherry picked from commit 8978c5fe69dd61ea8c7013975cae5be75f579946)

cron: allow unregistered actions to be deleted

Also add a user exception so the users knows what's going on
when not being able to delete.

(cherry picked from commit ae08b03b53c8d24358bd7ecbfb6f8e349ac8ba8e)

Services: Kea DHCPv6: Dynamic prefix delegation (#10252)

(cherry picked from commit 5b7c8e6a2f7e87c28b249b794429f31330017f9a)
(cherry picked from commit 5c51ecdee11648b0274395c8c8e847f510e8b57b)

interfaces: IAID selection and prefix range reservation #7647

(cherry picked from commit 91093f3344a09112347dc27cda33f14feb68b4aa)

Firewall: NAT: Reflect Outbound NAT mode into a volatile snat_mode field and show it in the new SNAT view

Firewall: NAT: download/upload rules as csv (#10371)

* Firewall: Turn downloadRules and uploadRules into a protected function inside FilterBaseController, implement it in Firewall rules and NAT pages

Firewall: Rules: improved tree grouping logic

theme/opnsense-auto: remove flashing (#10367)

Add a generic helper for key/value map

ui: override selectpicker defaults for translations (#10370)