Netgate, the provider of pfSense Community Edition (CE) software, has announced the release of version 2.7.1. pfSense CE is an open-source project that has been supported by Netgate since 2008. The source code for the project is available on GitHub under the Apache 2.0 open-source license. pfSense CE can be used on common hardware to build routers and more.

One major change in this release is the upgrade of OpenSSL to version 3.0.12. This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. With the upgrade to OpenSSL 3.0.12, older and weaker encryption and hash algorithms have been removed, and security certificates based on these algorithms have been deprecated. It is highly recommended to review the release notes and Netgate’s blog post on this topic before performing the upgrade.

Another notable feature in version 2.7.1 is the addition of Kea DHCP as an opt-in feature. While basic functionality is present, it is not yet feature-complete. Switching to the Kea DHCP server can be done through the web interface by navigating to System > Advanced and changing the server backend radio button in the DHCP Options section to “Kea DHCP”. It is important to note that switching to Kea DHCP may result in ignored hostnames for devices on the network that were assigned using static leases or rely on dynamic lease registration in DNS.

This release also includes improved support for SCTP (Stream Control Transmission Protocol) in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number, whereas previously it was only possible to filter on source or destination address. Additionally, the IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the ongoing integration of the Kea DHCP server.

Other changes in version 2.7.1 include the upgrade of PHP to version 8.2.11 and the base operating system to a more recent point of FreeBSD 14-CURRENT. The release also addresses various bugs and issues.

Source: pfSense.

XCP-ng has released a new security update for the 8.2 LTS version. The update includes new microcode from Intel to mitigate hardware vulnerabilities. However, it is recommended to update the hardware’s firmware for the best results. The update also addresses security issues related to IOMMU and PV guests in the Xen Project. The fixed vulnerability, CVE-2023-23583, can allow privilege escalation, information disclosure, or denial of service. It affects specific generations of server, desktop, embedded, and mobile processors.

The update also mentions upcoming fixes for XSA-445 and XSA-446 vulnerabilities. XSA-445 can affect hosts if the dom_io feature is enabled, and XSA-446 can bypass certain protections for PV guests. It is recommended to avoid PV guests to avoid any potential impact. The updated microcode for Intel SA is included in the XCP-ng update. The integration of fixes for XSAs will be incorporated in a future release or as needed in the coming days.

TrueNAS has introduced the F60 and F100 models as the newest additions to their TrueNAS Enterprise portfolio. These models belong to the high-performance line of all-NVMe systems known as the TrueNAS F-Series. The F-Series is designed to offer maximum performance, reliability, and density for organizations with ultra-demanding workloads. It provides organizations with a new choice for their performance-centric workloads, complementing other models in the TrueNAS portfolio that are optimized for capacity.

The TrueNAS F-Series supports file, block, and object protocols, and offers the rich data management capabilities of OpenZFS. Like other TrueNAS Enterprise appliances, the F-Series can be equipped with iXsystems’ award-winning enterprise support.

The TrueNAS F-Series includes two models:

• F100: This model features up to 24 NVMe Gen4 SSDs per 2U system, providing a storage capacity of 720TB. It offers up to 30GB/s bandwidth per node with 6x 40/100 GbE optical NICs and has a typical power draw of 800W.
• F60: The F60 model also supports up to 24 NVMe Gen4 SSDs per 2U system, with a storage capacity of 720TB. It offers up to 20GB/s bandwidth per node with 4x 40/100 GbE optical NICs and has a typical power draw of 800W.

The TrueNAS F-Series appliances come with the latest version of TrueNAS software, TrueNAS Enterprise 23.10. These all-NVMe models are designed to deliver maximum performance, reliability, and density for the most demanding workloads. Compared to previous models, the F-Series offers significant reductions in all-flash power, space, and Total Cost of Ownership (TCO).

The TrueNAS portfolio also includes the TrueNAS M-Series, which caters to hybrid flash and HDD requirements, and the TrueNAS Mini series. Both the M-Series and F-Series systems run on the same TrueNAS Enterprise 23.10 software, offering compatible features and a common WebUI. All TrueNAS systems can be monitored and managed as a fleet using TrueCommand.

Gitea has released version 1.21.0, which includes numerous new features and improvements. The release consists of 962 pull requests and marks the departure of Gitea Actions from the experimental state. Users can download the new version from the Gitea website.

The release includes several breaking changes that may affect users. One change involves moving public asset files to the proper directory. Previously, these files were served under a different directory, causing confusion for users. To resolve this, the default assets folder has been changed, and users with custom asset files will need to transfer them to the new location.

Another breaking change involves the configuration option for SSH authorized keys backup. Previously, this option was set to automatically create backups of the authorized keys file when a new SSH key was added. However, this caused the backup folder to become excessively large on instances with many users. As a result, the default value of this parameter has been changed, and users who still want backups should manually set it to true.

Additionally, the release removes the CHARSET configuration option for MySQL and always uses utf8mb4. Using utf8 as a charset for MySQL can lead to issues, and as Gitea only supports MySQL v5.7+, support for utf8 is no longer necessary. Existing utf8 databases will continue to work, but users are strongly encouraged to convert them to utf8mb4.

The release also includes improvements to Gitea Actions. Several new features have been added, including scheduled workflows, disabling workflows, and downloading raw task logs. Additionally, the admin page has been enhanced with capabilities such as manually rebuilding the issue index and a details page for each user.

Other notable improvements include the ability to select a specific commit range when reviewing a pull request, notifications for recently pushed branches, support for CODEOWNERS files, and the ability to pre-register OAuth2 applications for git credential helpers.

The release also introduces archived labels, a new concept that allows users to retire labels without deleting them. Gitea Actions have received various enhancements, making them a mature component of Gitea. The blame view has been simplified, and it is now possible to retry failed pull mirror creations.

Furthermore, the release includes improvements to the admin page, the ability to see if the CI is currently successful for all branches, and optimizations to reduce database deadlocks.

Looking ahead, Gitea 1.22 is expected to bring changes to the default themes and drop support for older database versions. The default themes will be renamed, and a new dark theme will be introduced. Users are encouraged to update their database versions for compatibility and security.

Overall, the release of Gitea 1.21.0 brings a range of new features and improvements that enhance the functionality and user experience of the platform. Users are encouraged to update to the latest version to take advantage of these enhancements.

Chinese electronics company AOC has introduced a new mini PC called the AOC MOSS 7, featuring an AMD Ryzen 7 7840HS processor, 32GB of RAM, and a 2TB SSD. Currently, it is available for purchase in China through JD.com for 3799 CNY (approximately $525). The availability of this mini PC outside of China is uncertain, but AOC does sell other mini PCs internationally through AliExpress.

The AOC MOSS 7 has a unique design with rounded edges, resembling a game console or appliance rather than a typical PC. With dimensions of 145 x 115 x 42mm. Although it does not have discrete graphics, it is equipped with Radeon 780M integrated graphics, featuring 12 RDNA 3 compute units, providing graphics capabilities similar to some powerful handheld gaming PCs.

The mini PC offers user-replaceable memory with two SODIMM slots for DDR5 RAM. It also includes a variety of ports, such as 2 x HDMI 2.0, 1 x RJ45 LAN, 1 x USB Type-C, 3 x USB 3.0 Type-A, 1 x USB 2.0 Type-A, 1 x 3.5mm audio, and 1 x DC power input. Active cooling is provided by a fan, and the package includes a 68W power adapter. The MOSS 7 supports WiFi 6 and Bluetooth 5.2.

While the USB-C port should support video output and data transfer, there is no information available regarding whether it is a USB4 port with 40 Gbps speeds. Thus, it remains unclear if the port can be used for external graphics docks or other accessories requiring a higher-speed connection.

Source: Liliputing.

AMD has unveiled its latest addition to the Zen 4 family, the Ryzen Embedded 7000 series processors. These socketed CPUs are designed for embedded and edge applications in the 60~105 Watt space. The Ryzen Embedded 7000 series processors offer significant improvements over the previous generation Ryzen Embedded 5000 series parts. They feature up to 12 cores and 24 threads, TDPs ranging from 65 to 105 Watts, support for DDR5-5200 ECC memory, up to 28 lanes on-chip for PCIe Gen5, and integrated RDNA2 graphics. AMD is committed to providing up to seven years of support for these processors. Linux, particularly Ubuntu, is the preferred operating system for these embedded processors.

The Ryzen Embedded 7000 series processors come with a range of models, from the Ryzen Embedded 7645 to the Ryzen Embedded 7700X. The flagship model, the Ryzen Embedded 7945, is a 65 Watt part with 12 cores, 24 threads, a base frequency of 3.7GHz, a boost frequency of 5.4GHz, and 64MB L3 cache. Unfortunately, there are no technical benchmarks available yet, but AMD claims significant performance advantages over Intel Raptor Lake on Windows.

The chipset options for the Ryzen Embedded 7000 series are the X600, B650, and X670. It is worth noting that these processors do not have Ryzen AI, although there is a possibility that future generations may support it on Linux.

Overall, the AMD Ryzen Embedded 7000 series processors offer a powerful and efficient solution for embedded and edge applications. With their improved performance and support for Linux, they are likely to find popularity in the embedded space.

Source: Phoronix.