Firewall: Automation: Filter - add 'statetimeout' and validations for https://github.com/opnsense/core/issues/8143
Although this component is mainly used for api access, experiment a bit further with the inpu dialog as well.
System: High Availability - XMLRPC Client / replace file_get_contents() with curl implementation, closes https://github.com/opnsense/core/issues/7561
While here, also offer optional peer tls verification as this is/was disabled by default.
In most cases verification isn't very relevant when using a direct attached neighbor, but if someone has infrastructure in between, extra safeguards are now possible.
With this inplace, allow_url_fopen can safely be disabled on our end (which was the primary goal here).
Update ICANN Trust Anchor to include the new one which will be active in 2026 (#7852)
Signed-off-by: Jagveer Loky (jagveer at cyberstorm.mu)
Signed-off-by: Jagveer Loky (jagveer at cyberstorm.mu)
System: Access: Users - remove support for local passwords
Since https://github.com/opnsense/core/issues/998 we support our authenticators for all service types, for backward compatibility reasons we kept default unix authentication available, since this is hardly used anymore, after 8 years it's time to deprecate this option.
System: Access: Users - allow long usernames for non local users (without a shell account), for https://github.com/opnsense/core/issues/7904
With the new mvc code inplace, it's also a good idea to loosen the constraints for some accounts. One of the mail advantages is that we can now user email addresses as usernames for most services.