path: root/docs/changelog/1.3.rst

############
1.3 Eqquleus
############

..
   Please don't add anything by hand.
   This file is managed by the script:
   _ext/releasenotes.py


1.3.9 (future release)
======================





**Bug fixes**


* :vytask:`T5926`  ``IPSEC does not apply after l2tp configuration was changed``

**Other resolved issues**


* :vytask:`T1311`  ``WAN load-balancing can't flush connections when conntrack-sync is enabled``

1.3.8 (25th June 2024)
======================





**Bug fixes**


* :vytask:`T5725`  ``protocol IS-IS configuration is empty if a tunnel does not have remote address``
* :vytask:`T6337`  ``Upgrade from 1.3.5 fails if ssh public key name has a space in it``
* :vytask:`T6359`  ``Multicast does not forward after reboot``


1.3.7 (13th May 2024)
=====================

**Security**


* :vytask:`T6324`  ``CVE-2024-2961``



**New features and improvements**


* :vytask:`T1244`  ``Add support for StartupResync in conntrack-sync``
* :vytask:`T5364`  ``Make it possible to set the PADO delay to 0``
* :vytask:`T5418`  ``Allow arbitrary subnets in PPPoE client IP pools``
* :vytask:`T5504`  ``Make it possible to set more than one peer-address in unicast VRRP``
* :vytask:`T6057`  ``Add ability to disable syslog for conntrackd``

**Bug fixes**


* :vytask:`T1751`  ``DNS server addresses from DHCPv6 are not added to resolv.conf``
* :vytask:`T1976`  ``deleting address-family under neighbor will disable neighbor``
* :vytask:`T2044`  ``RPKI doesn't boot properly``
* :vytask:`T2113`  ``OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping``
* :vytask:`T2279`  ``Router resolves as 127.0.1.1 when using Router's Recursive DNS``
* :vytask:`T2590`  ``DHCPv6 not updating nameservers and search domains since replacing isc-dhcp-client with WIDE dhcp6c``
* :vytask:`T2612`  ``HTTPS API, changing API key fails but goes through``
* :vytask:`T2801`  ``conntrack-tools flooding logs``
* :vytask:`T2998`  ``SNMP v3 oid "exclude" option doesn't work``
* :vytask:`T3437`  ``BGP Confederation Addition Causes Error``
* :vytask:`T3992`  ``Unhandled exception when trying to add an interface with an assigned address to a bridge``
* :vytask:`T4270`  ``When "ignore-hosts-file" is unset, local hostname of the router resolves to 127.0.1.1 in the DNS forwarding service``
* :vytask:`T4453`  ``dhclient fails to renew DHCP lease with VRF``
* :vytask:`T5239`  ``Host name and domain name missing from the FRR configuration``
* :vytask:`T5982`  ``Isolated interfaces smoketest fail``
* :vytask:`T6004`  ``Missing RPKI boot priority prevents it from loading``
* :vytask:`T6056`  ``Applying 'system static-host-mapping'  command calls unnecessary snmpd restart``
* :vytask:`T6088`  ``Configuration corrupted after saving and powercut or force reboot``
* :vytask:`T6096`  ``Config commits are not synced properly because 00vyos-sync is deleted by vyos-router``
* :vytask:`T6110`  ``Insufficient validation of range option with failover in DHCP server``
* :vytask:`T6124`  ``Docker equuleus build image doesn't build due to fpm``
* :vytask:`T6141`  ``Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure``
* :vytask:`T6150`  ``Impossible to set a static IP address via RADIUS in IPoE``
* :vytask:`T6193`  ``dhcp-client: invalid warning "is not a DHCP interface but uses DHCP name-server option" for VLAN interfaces``
* :vytask:`T6196`  ``route-map and summary-only do not work in BGP aggregation at the same time``
* :vytask:`T6243`  ``Update vyos-http-api-tools for package idna security advisory``

**Other resolved issues**


* :vytask:`T1198`  ``Extra hyphen in suggested image name on upgrade``
* :vytask:`T3584`  ``Migrate NTP server addresses from *.pool.ntp.org to our own``
* :vytask:`T6261`  ``Typo in the operational mode connect and disconnect command output``

1.3.6 (14th February 2024)
==========================

**Security**


* :vytask:`T5318`  ``Security Vulnerabilities for VyOS 1.3.3``


**Configuration syntax changes (automatically migrated)**


* :vytask:`T2060`  ``source-validation will be configured at different locations and could lead to massive confusion``
* :vytask:`T2289`  ``Denest cerbot certificate configuration from service https``

**New features and improvements**


* :vytask:`T1929`  ``ipset in firewall``
* :vytask:`T2060`  ``source-validation will be configured at different locations and could lead to massive confusion``
* :vytask:`T2116`  ``Processing configuration via Cloud-init User-Data``
* :vytask:`T2191`  ``Using tallow to block sshd probes``
* :vytask:`T2289`  ``Denest cerbot certificate configuration from service https``
* :vytask:`T3039`  ``Resize a root partition and filesystem automatically during deployment in virtual environments``
* :vytask:`T4039`  ``Rsyslog to use 'protocol23format' for protocol UDP``
* :vytask:`T4078`  ``A hybrid of "network-group" and "address-group".``
* :vytask:`T5182`  ``Update Intel ice driver``
* :vytask:`T5187`  ``Update Realtek r8152 driver``
* :vytask:`T5275`  ``Add op mode commands for exporting certificates to PEM files with correct headers``
* :vytask:`T5796`  ``Openconnect - HTTPS  security headers are missing``

**Bug fixes**


* :vytask:`T117`  ``Cannot install from ISO via serial console on ttyS1``
* :vytask:`T1925`  ``DMVPN is always listed as down in "show vpn ipsec sa"``
* :vytask:`T2085`  ``Building some packages with vyos-build no longer works for Equuleus/current``
* :vytask:`T2163`  ``Disabled vif interface with "address dhcp" requests DHCP address``
* :vytask:`T2404`  ``Cannot change MTU``
* :vytask:`T2509`  ``No inotify notifications from /``
* :vytask:`T2574`  ``wan-load-balance snat bug and route problem``
* :vytask:`T2793`  ``compare + TAB completion does not show proper username if user contains _``
* :vytask:`T2837`  ``make-version-file  executed too early during build process``
* :vytask:`T3154`  ``route-map CLI allows 32-bit ASNs in community options even though FRR doesn't``
* :vytask:`T3980`  ``vrrp transition-script validator makes warning fatal and also causes a python NameError exception``
* :vytask:`T4062`  ``VRRP IPSEC-AH : sequence number xxxxxxx already processed. Packet dropped. Local(xxxxxxx)``
* :vytask:`T4566`  ``Cannot log in on serial console on Equuleus v1.3.1``
* :vytask:`T4752`  ``ICMP redirects not working / not properly configured``
* :vytask:`T4760`  ``VyOS does not support running multiple instances of DHCPv6 clients``
* :vytask:`T4990`  ``Commit results may not be properly saved if power is cut immediately after a successful commit``
* :vytask:`T5180`  ``initramfs-tools ignores firmware from updates directory``
* :vytask:`T5543`  ``Fix source address handling in static joins``
* :vytask:`T5625`  ``"restart vpn" does not work if ipsec-interfaces is not set``
* :vytask:`T5739`  ``Password recovery does not work if public keys are configured``
* :vytask:`T5800`  ``HTTPS API unavailable after delete VRF``
* :vytask:`T5852`  ``Reboots fail with eapol WAN interface``
* :vytask:`T5914`  ``CVE-2023-48795 - Terrapin vulnerability``
* :vytask:`T5924`  ``Build cannot pass the smoketest dialup-router-medium-vpn``
* :vytask:`T5967`  ``Multi-hop BFD connections can't be established; please add minimum-ttl option.``
* :vytask:`T6017`  ``Update vyos-http-api-tools for security advisory``

**Other resolved issues**


* :vytask:`T922`  ``OSPF - Process Crash after peer reboot``
* :vytask:`T1297`  ``Add GARP settings to VRRP/keepalived``
* :vytask:`T1369`  ``GCP Networking Failure``
* :vytask:`T1500`  ``Slow boot/load and CLI response times``
* :vytask:`T1667`  ``Add a tool for automatically importing old style command definitions into XML``
* :vytask:`T1671`  ``rewrite udev script logic /lib/udev/vyatta_net_name``
* :vytask:`T1981`  ``Allow route-map 'set src' to reference both IPv4 and IPv6``
* :vytask:`T2223`  ``convert operational show interfaces to python/XML``
* :vytask:`T2353`  ``Interface [conf_mode] errors parent task``
* :vytask:`T2431`  ``Python validators are slow``
* :vytask:`T2452`  ``Serial console related issues``
* :vytask:`T2546`  ``The root task for rewriting [op-mode] to XML``
* :vytask:`T2579`  ``The root task for VRF features``
* :vytask:`T2655`  ``ConfigError formatting issue``
* :vytask:`T2720`  ``Rework vyos.template Python module to make future extension easier``
* :vytask:`T2755`  ``Requirements for partial interface setup``
* :vytask:`T2799`  ``VyOS Certificates Manager``
* :vytask:`T3191`  ``PAM RADIUS freezing when accounting does not configured on RADIUS server``
* :vytask:`T3348`  ``dhcpd: Can't create new lease file: Permission denied``
* :vytask:`T3403`  ``Error on interrupting list of pppoe sessions``
* :vytask:`T3513`  ``Attempting to remove firewall rule results in error``
* :vytask:`T3688`  ``Fail to save configuration via scp/sftp``
* :vytask:`T3737`  ``openvpn-option needs to be able to support quotes as since openvpn 2.4.``
* :vytask:`T3813`  ``Some custom sysctl parameters can't be applied bug``
* :vytask:`T4222`  ``Support for TWAMP as round-trip metric``
* :vytask:`T4646`  ``USB serial output console does not work``
* :vytask:`T5274`  ``Add a deprecation warning for OpenVPN site-to-site with pre-shared secret``
* :vytask:`T5714`  ``IPSec VPN: op-mode: "show log vpn" does not show results``
* :vytask:`T5715`  ``IPSec VPN: restart vpn is not working``
* :vytask:`T6014`  ``Bump keepalived version``
* :vytask:`T6249`  ``ISO builder fails because of changed buster-backport repository``

1.3.5 (15th December 2023)
==========================



**Configuration syntax changes (automatically migrated)**


* :vytask:`T2139`  ``openvpn: allow "dh-file none" to disable DH for ECDH keys``

**New features and improvements**


* :vytask:`T1118`  ``Obsolete "utc" option in time selector in firewall``
* :vytask:`T2014`  ``Use vendor specific NTP Pool hostname``
* :vytask:`T2139`  ``openvpn: allow "dh-file none" to disable DH for ECDH keys``
* :vytask:`T4269`  ``node.def generator should automatically add default values``
* :vytask:`T5213`  ``Accel-ppp sending accounting interim updates acct-interim-interval option``
* :vytask:`T5270`  ``Make OpenVPN `tls dh-params` optional``
* :vytask:`T5271`  ``Add support for peer-fingerprint to OpenVPN``
* :vytask:`T5273`  ``Add op mode commands for displaying certificate details and fingerprints``
* :vytask:`T5387`  ``dhcp6c: add a no release option``
* :vytask:`T5576`  ``Add bgp remove-private-as all option``
* :vytask:`T5586`  ``Disable by default SNMP for Keepalived VRRP``
* :vytask:`T5630`  ``pppoe: allow to specify MRU in addition to already configurable MTU``
* :vytask:`T5661`  ``Add show show ssh dynamic-protection attacker and show log ssh dynamic-protection``

**Bug fixes**


* :vytask:`T305`  ``loadbalancing does not work with one pppoe connection and another connection of either dhcp or static``
* :vytask:`T971`  ``authentication public-keys options quoting issue``
* :vytask:`T1012`  ``vyos-build configure script should check /etc/issue to avoid confusion``
* :vytask:`T2051`  ``Throughput anomalies``
* :vytask:`T2250`  ``vyos-build "make iso" error if configure was ran outside of the docker container``
* :vytask:`T3020`  ``The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location"``
* :vytask:`T3045`  ``Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP)``
* :vytask:`T3940`  ``DHCP client does not remove IP address when stopped by the 02-vyos-stopdhclient hook``
* :vytask:`T4146`  ``Nginx should not listen on port 80``
* :vytask:`T4328`  ``Large MTU on 1.3.1-S1``
* :vytask:`T4402`  ``OpenVPN client-ip-pool option is broken``
* :vytask:`T4601`  ``dhcp : relay agent IP address issue.``
* :vytask:`T4776`  ``NVME storage is not detected properly during installation``
* :vytask:`T5223`  ``tunnel key doesn't clear``
* :vytask:`T5235`  ``SSH keys with special characters cannot be applied via Cloud-init``
* :vytask:`T5402`  ``VRRP router with rfc3768-compatibility sends multiple ARP replies``
* :vytask:`T5413`  ``Deny the opportunity to use one public/private key pair on both wireguard peers.``
* :vytask:`T5486`  ``Service dns dynamic cannot pass the smoketest``
* :vytask:`T5669`  ``VXLAN interface changing port does not work``
* :vytask:`T5670`  ``bridge: missing member interface validator``
* :vytask:`T5763`  ``Fix imprecise check for remote file name in vyos-load-config.py``
* :vytask:`T5777`  ``frr: backport and upstream recent bgpd daemon crashes``

**Other resolved issues**


* :vytask:`T1276`  ``dhcp relay + VLAN fails``
* :vytask:`T2719`  ``Standardized op mode script structure``
* :vytask:`T3536`  ``Unable to list all available routes``
* :vytask:`T3702`  ``Policy: Allow routing by fwmark``
* :vytask:`T5191`  ``Replace underscores with hyphens in command-line options generated by vyos.opmode``
* :vytask:`T5268`  ``OpenVPN: upgrade package to 2.6 series``
* :vytask:`T5280`  ``Update Expired keys (2023-06-08) for PowerDNS``
* :vytask:`T5578`  ``"ikev2-reauth" description contains outdated information``
* :vytask:`T5624`  ``Remove /etc/debian_version from the image``
* :vytask:`T5632`  ``Add jq package to parse JSON files``
* :vytask:`T5817`  ``Show openvpn server fails in some cases``

1.3.4 (17th October 2023)
=========================




**New features and improvements**


* :vytask:`T738`  ``Add local-port and resolver port options for powerdns in CLI configuration tree``
* :vytask:`T2123`  ``Configure 3 NTP servers``
* :vytask:`T2424`  ``Ability to choose the direction of Mirroring``
* :vytask:`T3144`  ``Support op-mode command to release DHCP leases``
* :vytask:`T3546`  ``Add support for running scripts on PPPoE server session events``
* :vytask:`T4151`  ``IPV6 local PBR Support``
* :vytask:`T4426`  ``Add arpwatch to the image``
* :vytask:`T4475`  ``route-map does not support ipv6 peer``
* :vytask:`T4825`  ``interfaces veth/veth-pairs -standalone used``
* :vytask:`T5190`  ``Cloud-Init cannot fetch Meta-data on machines where the main Ethernet interface is not eth0``
* :vytask:`T5265`  ``WAN load-balancing: missing completion helpers``
* :vytask:`T5315`  ``vrrp: add support for version 3``
* :vytask:`T5354`  ``Add sshguard to protect against brut-forces for 1.3``

**Bug fixes**


* :vytask:`T2611`  ``Prefix list names are shared between ipv4 and ipv6``
* :vytask:`T2908`  ``VRF and bridge membership isn’t mutually exclusive``
* :vytask:`T2958`  ``DHCP server doesn't work from a live CD``
* :vytask:`T3070`  ``Firewall going OOM, possible related to nftables migration``
* :vytask:`T3098`  ``Cannot talk to rtnetlink: Message too long Command failed -:1``
* :vytask:`T3339`  ``Cloud-Init domain search setting not applied``
* :vytask:`T4113`  ``Incorrect GRUB configuration parsing``
* :vytask:`T4121`  ``Nameservers from DHCP client cannot be used in specific cases``
* :vytask:`T4407`  ``Network-config v2 is broken in Cloud-init 22.1 and VyOS 1.3``
* :vytask:`T4412`  ``commit archive: reboot not working with sftp``
* :vytask:`T4459`  ``API service with VRF doesn't work in 1.3.1``
* :vytask:`T4745`  ``CLI TAB issue with values with '-' at the beginning in conf mode``
* :vytask:`T4790`  ``RADIUS login does not work if sum of timeouts more than 50s``
* :vytask:`T4855`  ``Trying to create more than one tunnel of the same type to the same address causes unhandled exception``
* :vytask:`T4869`  ``A network with `/32` or `/128` mask cannot be removed from a network-group``
* :vytask:`T4895`  ``Tag nodes are overwritten when configured by Cloud-Init from User-Data``
* :vytask:`T5006`  ``Http api segfault with concurrent requests``
* :vytask:`T5140`  ``Firewall network-group problems``
* :vytask:`T5221`  ``BGP as-override behavior differs from new FRR and other vendors``
* :vytask:`T5240`  ``Service router-advert failed to start radvd with more then 3 name-servers``
* :vytask:`T5305`  ``REST API configure operation should not be defined as async``
* :vytask:`T5313`  ``UDP broadcast relay - missing verify() that relay interfaces have an IP address assigned``
* :vytask:`T5329`  ``Wireguard interface as GRE tunnel source causes configuration error on boot``
* :vytask:`T5428`  ``dhcp: client renewal fails when running inside VRF``
* :vytask:`T5506`  ``Container bridge interfaces do not have a link-local address``
* :vytask:`T5524`  ``Add config directory to liveCD``
* :vytask:`T5533`  ``Keepalived VRRP IPv6 group enters in FAULT state``
* :vytask:`T5545`  ``sflow is not working``
* :vytask:`T5555`  ``Fix timezone migrator (system 13-to-14)``
* :vytask:`T5594`  ``VRRP - Error if using IPv6 Link Local as hello source address``

**Other resolved issues**


* :vytask:`T469`  ``Problem after commit with errors``
* :vytask:`T2296`  ``Upgrade WALinux to 2.2.41``
* :vytask:`T3424`  ``PPPoE IA-PD doesn't work in VRF``
* :vytask:`T3577`  ``Generating vpn x509 key pair fails with command not found``
* :vytask:`T3713`  ``Create a meta-package for user utilities``
* :vytask:`T4306`  ``Do not check for ditry repository when building release images``
* :vytask:`T4874`  ``Add Warning message to Equuleus``
* :vytask:`T4933`  ``Malformed lines cause vyos.util.colon_separated_to_dict fail with a nondescript error``
* :vytask:`T5272`  ``Upgrade OpenVPN to 2.6 in Equuleus``
* :vytask:`T5470`  ``wlan: can not disable interface if SSID is not configured``
* :vytask:`T5557`  ``bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802``

1.3.3 (22th June 2023)
======================

**Security**


* :vytask:`T3835`  ``vyos router 1.2.7 snmp Dos bug``
* :vytask:`T4970`  ``pin OCaml pcre package to avoid JIT support``


**Configuration syntax changes (automatically migrated)**


* :vytask:`T4628`  ``ConfigTree() throws ValueError() if tagNode contains whitespaces``

**New features and improvements**


* :vytask:`T1024`  ``Policy Based Routing by DSCP``
* :vytask:`T1928`  ``Is the 'Welcome to VyOS' message when using SSH an information leak?``
* :vytask:`T1993`  ``Extended pppoe rate-limiter``
* :vytask:`T2603`  ``pppoe-server: reduce min MTU``
* :vytask:`T2640`  ``Running VyOS inside Docker containers``
* :vytask:`T2769`  ``Add VRF support for syslog``
* :vytask:`T3937`  ``Rewrite "show system memory" in Python to make it usable as a library function``
* :vytask:`T4219`  ``support incoming-interface (iif) in local PBR``
* :vytask:`T4575`  ``vyos.utill add new wrapper "rc_cmd" to get the return code and output``
* :vytask:`T4683`  ``Add kitty-terminfo package to build``
* :vytask:`T4727`  ``Add RADIUS rate limit support to PPTP server``
* :vytask:`T4743`  ``Enable IPv6 address for Dynamic DNS``
* :vytask:`T4785`  ``snmp: Allow !, @, * and # in community name``
* :vytask:`T4812`  ``IPsec ability to show all configured connections``
* :vytask:`T4898`  ``Add mtu config option for dummy interfaces``
* :vytask:`T4922`  ``Add ssh-client source-interface CLI option``
* :vytask:`T4947`  ``Support mounting container volumes as ro or rw``
* :vytask:`T4948`  ``pppoe: add CLI option to allow definition of host-uniq flag``
* :vytask:`T4949`  ``Backport "monitor log" and "show log" op-mode definitions from current to equuleus``
* :vytask:`T4959`  ``Add container registry authentication config for containers``
* :vytask:`T4971`  ``Radius attribute "Framed-Pool" for PPPoE``
* :vytask:`T5033`  ``generate-public-key command fails for address with multiple public keys like GitHub``
* :vytask:`T5098`  ``PPPoE client holdoff configuration``

**Bug fixes**


* :vytask:`T2118`  ``Failure to boot after power outage due to dirty filesystem and no fsck in initramfs``
* :vytask:`T2189`  ``Adding a large port-range will take ~ 20 minutes to commit``
* :vytask:`T2516`  ``vyos-container: cannot configure ethernet interface``
* :vytask:`T2838`  ``Ethernet device names changing, multiple hw-id being added``
* :vytask:`T3852`  ``DHCP client issue - interface has two dhclient processes when link is unpluged and then plug again``
* :vytask:`T4117`  ``Does not possible to configure PoD/CoA for L2TP vpn``
* :vytask:`T4153`  ``Monitor bandwidth-test initiate not working``
* :vytask:`T4177`  ``Strip-private doesn't work for service monitoring``
* :vytask:`T4312`  ``Telegraf configuration doesn't accept IPs for URL``
* :vytask:`T4533`  ``Radius clients don’t  have simple permissions``
* :vytask:`T4582`  ``Router-advert: Preferred lifetime cannot equal valid lifetime in PIOs``
* :vytask:`T4628`  ``ConfigTree() throws ValueError() if tagNode contains whitespaces``
* :vytask:`T4630`  ``Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time``
* :vytask:`T4642`  ``proxy: hyphen not allowed in proxy URL``
* :vytask:`T4648`  ``PPPoE: Ignore default router from RA when PPPoE default-route is set to none``
* :vytask:`T4664`  ``Add validation to reject whitespace in tag node value names``
* :vytask:`T4668`  ``Adding/removing members from bond doesn't work/results in incorrect interface state``
* :vytask:`T4671`  ``linux-firmware package is missing symlinks defined in WHENCE file``
* :vytask:`T4679`  ``OpenVPN site-to-site incorrect check for IPv6 local and remote address``
* :vytask:`T4680`  ``Telegraf prometheus-client listen-address invalid format``
* :vytask:`T4702`  ``Wireguard peers configuration is not synchronized with CLI``
* :vytask:`T4709`  ``TCP MSS clamping broken in equuleus``
* :vytask:`T4730`  ``Conntrack-sync error - listen-address is not the correct type in config as it should be``
* :vytask:`T4737`  ``FRRouting/zebra 7.5.1 does not redistribute routes to other protocols``
* :vytask:`T4799`  ``PowerDNS >= 4.7 does not get reloaded by vyos-hostsd``
* :vytask:`T4872`  ``Op-mode show openvpn misses a case when parsing for tunnel IP``
* :vytask:`T4884`  ``Missing a community6 in snmpd config``
* :vytask:`T4896`  ``ospfv3: Fix broken not-advertise option``
* :vytask:`T4902`  ``snmpd: exclude container storage from monitoring``
* :vytask:`T4918`  ``Odd show interface behavior``
* :vytask:`T4939`  ``VRRP command  no-preempt not work as expected``
* :vytask:`T4955`  ``Openconnect radiusclient.conf generating with extra authserver``
* :vytask:`T4975`  ``CLI does not work after cutting off the power or reset``
* :vytask:`T4978`  ``KeyError: 'memory' container_config['memory'] on upgrading to 1.4-rolling-202302041536``
* :vytask:`T4992`  ``Incorrect check is_local_address for bgp neighbor with option ip_nonlocal_bind set``
* :vytask:`T4993`  ``Can't delete conntrack ignore rule``
* :vytask:`T5009`  ``op-mode command:  restart dhcp relay-agent not working``
* :vytask:`T5011`  ``Some interface drivers don't support min_mtu and max_mtu and verify_mtu check should be skipped``
* :vytask:`T5017`  ``Bug with validator interface-name``
* :vytask:`T5047`  ``Recreate only a specific container``
* :vytask:`T5066`  ``Different GRE tunnel but same tunnel keys error``
* :vytask:`T5136`  ``Possible config corruption on upgrade``
* :vytask:`T5152`  ``Telegraf agent hostname isn't qualified``
* :vytask:`T5175`  ``http-api: error in MultiPart parser for FastAPI version >= 0.91.0``
* :vytask:`T5176`  ``http-api: update vyos-http-api-tools for FastAPI security vulnerability``
* :vytask:`T5186`  ``QoS test cannot pass for 1.3``

**Other resolved issues**


* :vytask:`T1288`  ``FRR: rewrite staticd backend (/opt/vyatta/share/vyatta-cfg/templates/protocols/static/*)``
* :vytask:`T1875`  ``Add the ability to use network address as BGP neighbor (bgp listen range)``
* :vytask:`T2913`  ``Failure to install fpm while building builder docker image``
* :vytask:`T3083`  ``Add feature event-handler``
* :vytask:`T3608`  ``Standardize warnings from configure scripts``
* :vytask:`T3810`  ``webproxy squidguard rules don't work properly after rewriting to python.``
* :vytask:`T4122`  ``interface ip address config missing after upgrade from 1.2.8 to 1.3.0 (when redirect is configured?)``
* :vytask:`T4262`  ``install image doesn't respect chosen root partition size``
* :vytask:`T4381`  ``OpenVPN: Add "Tunnel IP" column in "show openvpn server" operational command``
* :vytask:`T4511`  ``IPv6 DNS lookup``
* :vytask:`T4625`  ``Update ocserv to current revision (1.1.6)``
* :vytask:`T4652`  ``Upgrade PowerDNS recursor to 4.7 series``
* :vytask:`T4798`  ``Migrate the file-exists validator away from Python``
* :vytask:`T4832`  ``dhcp: Add IPv6-only dhcp option support (RFC 8925)``
* :vytask:`T4875`  ``Replace Python validator 'interface-name' to avoid Python startup cost``
* :vytask:`T4900`  ``Cache intermediary results of get_config_diff in Config instance``
* :vytask:`T4906`  ``ipsec connections shows only one connection as up``
* :vytask:`T4925`  ``Need to add the possibility to configure Pseudo-Random Functions (PRF) in IKEv2``
* :vytask:`T4999`  ``vyos.util backport dict_search_recursive``
* :vytask:`T5007`  ``Interface multicast setting is invalid``
* :vytask:`T5008`  ``MACsec CKN of 32 chars is not allowed in CLI, but works fine``
* :vytask:`T5111`  ``pppd-dns.service startup failed``
* :vytask:`T5243`  ``Default route is inactive if an interface has multiple ip addresses of the same subnet in 1.3.2 Equuleus``

1.3.2 (7th November 2022)
=========================




**New features and improvements**


* :vytask:`T1375`  ``Add clear  dhcp server  lease function``
* :vytask:`T2580`  ``Support for ip pools for ippoe``
* :vytask:`T2683`  ``no dual stack in system static-host-mapping host-name``
* :vytask:`T2763`  ``New SNMP resource request - SNMP over TCP``
* :vytask:`T3318`  ``Update Linux Kernel to v5.4.208 / 5.10.142``
* :vytask:`T3785`  ``Add unicode support to configtree backend``
* :vytask:`T4260`  ``Extend vyos.configdict.node_changed() to support recursiveness``
* :vytask:`T4315`  ``Telegraf - Output to prometheus``
* :vytask:`T4336`  ``isis: add support for MD5 authentication password on a circuit``
* :vytask:`T4346`  ``Deprecate "system ipv6 disable" option to disable address family within OS kernel``
* :vytask:`T4373`  ``PPPoE-server add multiplier option for shaper``
* :vytask:`T4395`  ``Extend show vpn debug``
* :vytask:`T4421`  ``Add support for floating point numbers in the numeric validator``
* :vytask:`T4442`  ``HTTP API add action "reset"``
* :vytask:`T4456`  ``NTP client in VRF tries to bind to interfaces outside VRF, logs many messages``
* :vytask:`T4489`  ``MPLS sysctl not persistent for tunnel interfaces``
* :vytask:`T4507`  ``IPoE-server add multiplier option for shaper``
* :vytask:`T4509`  ``Feature Request: DNS64``
* :vytask:`T4515`  ``Reduce telegraf binary size``
* :vytask:`T4522`  ``bond: add ability to specify mii monitor interval via CLI``
* :vytask:`T4584`  ``hostap: create custom package build``
* :vytask:`T4614`  ``OpenConnect split-dns directive``
* :vytask:`T4647`  ``Add Google Virtual NIC (gVNIC) support``

**Bug fixes**


* :vytask:`T2194`  ``"show firewall" garbled output``
* :vytask:`T2654`  ``Multiple names unable to be assigned to the same static mapping``
* :vytask:`T3507`  ``Bond with mode LACP show u/u in show interfaces even if peer is not configured``
* :vytask:`T3714`  ``Some sysctl custom parameters disappear after reboot``
* :vytask:`T4206`  ``Policy Based Routing with DHCP Interface Issue``
* :vytask:`T4230`  ``OpenVPN server configuration deleted after reboot when using a VRRP virtual-address``
* :vytask:`T4294`  ``Adding a new openvpn-option does not restart the OpenVPN process``
* :vytask:`T4313`  ``"generate public-key-command" throws unhandled exceptions when it cannot retrieve the key``
* :vytask:`T4319`  ``The command "set system ipv6 disable" doesn't work as expected.``
* :vytask:`T4324`  ``wwan: check alive script should only be run via cron if a wwan interface is configured at all``
* :vytask:`T4330`  ``MTU settings cannot be applied when IPv6 is disabled``
* :vytask:`T4331`  ``IPv6 link local addresses are not configured when an interface is in a VRF``
* :vytask:`T4337`  ``isis: IETF SPF delay algorithm can not be configured - results in vyos.frr.CommitError``
* :vytask:`T4338`  ``wwan: changing interface description should not trigger reconnect``
* :vytask:`T4339`  ``wwan: tab-completion results in "No such file or directory" if there is no WWAN interface``
* :vytask:`T4341`  ``login: disable user-account prior to deletion and wait until deletion is complete``
* :vytask:`T4350`  ``DMVPN opennhrp spokes dont work behind NAT``
* :vytask:`T4354`  ``Slave interfaces fall out from bonding during configuration change``
* :vytask:`T4361`  ```vyos.config.exists()` does not work for nodes with multiple values``
* :vytask:`T4363`  ``salt-minion: default mine_interval option is not set``
* :vytask:`T4366`  ``geneve: interface is removed on changes to e.g. description``
* :vytask:`T4369`  ``OpenVPN: daemon not restarted on changes to "openvpn-option" CLI node``
* :vytask:`T4388`  ``dhcp-server: missing constraint on tftp-server-name option``
* :vytask:`T4405`  ``DHCP client sometimes ignores `no-default-route` option of an interface``
* :vytask:`T4441`  ``wwan: connection not possible after a change added after 1.3.1-S1 release``
* :vytask:`T4447`  ``DHCPv6 prefix delegation `sla-id` limited to 128``
* :vytask:`T4468`  ``web-proxy source group cannot start with a number bug``
* :vytask:`T4510`  ``set system static-host-mapping doesn't allow IPv4 and IPv6 for same name.``
* :vytask:`T4513`  ``Webproxy monitor commands do not work``
* :vytask:`T4521`  ``bond: ARP monitor interval is not configured despite set via CLI``
* :vytask:`T4525`  ``Delete interface from VRF and add it to bonding error``
* :vytask:`T4527`  ``Prevent to create VRF name default``
* :vytask:`T4532`  ``Flow-accounting IPv6 server/receiver bug``
* :vytask:`T4534`  ``bond: bridge: error out if member interface is assigned to a VRF instance``
* :vytask:`T4537`  ``MACsec not working with cipher gcm-aes-256``
* :vytask:`T4538`  ``Macsec does not work correctly when the interface status changes.``
* :vytask:`T4565`  ``vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249``
* :vytask:`T4572`  ``Add an option to force interface MTU to the value received from DHCP``
* :vytask:`T4579`  ``bridge: can not delete member interface CLI option when VLAN is enabled``
* :vytask:`T4592`  ``macsec: can not create two interfaces using the same source-interface``
* :vytask:`T4616`  ``openconnect: KeyError: 'local_users'``
* :vytask:`T4618`  ``Traffic policy not set on virtual interfaces``
* :vytask:`T4632`  ``VLAN-aware bridge not working``
* :vytask:`T4653`  ``Interface offload options are not applied correctly``
* :vytask:`T4666`  ``EAP-TLS no longer allows TLSv1.0 after T4537, T4584``

**Other resolved issues**


* :vytask:`T4415`  ``Include license/copyright files in the image but remove user documentation from /usr/share/doc to reduce its size``
* :vytask:`T4430`  ``Show firewall output with visual shift default rule``
* :vytask:`T4629`  ``Raised ConfigErrors contain dict instead of only the dict key``
* :vytask:`T4654`  ``RPKI cache incorrect description``

1.3.1 (21th March 2022)
=======================

**Security**


* :vytask:`T4204`  ``Update Accel-PPP to a newer revision``
* :vytask:`T4310`  ``CVE-2022-0778: infinite loop in OpenSSL certificate parsing``
* :vytask:`T4311`  ``CVE-2021-4034: local privilege escalation in PolKit``


**Configuration syntax changes (automatically migrated)**


* :vytask:`T1972`  ``Allow setting interface name for virtual_ipaddress in VRRP VRID``
* :vytask:`T4273`  ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config``

**New features and improvements**


* :vytask:`T1972`  ``Allow setting interface name for virtual_ipaddress in VRRP VRID``
* :vytask:`T2400`  ``OpenVPN: dont restart server if no need``
* :vytask:`T2764`  ``Increase maximum number of NAT rules``
* :vytask:`T3164`  ``console-server ssh does not work with RADIUS PAM auth``
* :vytask:`T3299`  ``Allow the web proxy service to listen on all IP addresses``
* :vytask:`T3854`  ``Missing op-mode commands for conntrack-sync``
* :vytask:`T3872`  ``Add configurable telegraf monitoring service``
* :vytask:`T4055`  ``Add VRF support for HTTP(S) API service``
* :vytask:`T4100`  ``Firewall increase maximum number of rules``
* :vytask:`T4120`  ``[VXLAN] add ability to set multiple unicast-remotes``
* :vytask:`T4128`  ``keepalived: Upgrade package to add VRF support``
* :vytask:`T4261`  ``MACsec: add DHCP client support``

**Bug fixes**


* :vytask:`T2922`  ``The `vpn ipsec logging log-modes` miss the IPSec daemons state check``
* :vytask:`T3380`  ``"show vpn ike sa" does not display IPv6 peers``
* :vytask:`T3686`  ``Bridging OpenVPN tap with no local-address breaks``
* :vytask:`T3914`  ``VRRP rfc3768-compatibility doesn't work with unicast peers``
* :vytask:`T3924`  ``VRRP stops working with VRF``
* :vytask:`T4002`  ``firewall group network-group long names restriction incorrect behavior``
* :vytask:`T4081`  ``VRRP health-check script stops working when setting up a sync group``
* :vytask:`T4087`  ``IPsec IKE-group proposals limit of 10 pieces``
* :vytask:`T4092`  ``IKEv2 mobike commit failed with DMVPN nhrp``
* :vytask:`T4093`  ``SNMPv3 snmpd.conf generation bug``
* :vytask:`T4101`  ``commit-archive: Use of uninitialized value $source_address in concatenation``
* :vytask:`T4104`  ``RAID1: "add raid md0 member sda1" does not restore boot sector``
* :vytask:`T4110`  ``[IPV6-SSH/DNS}  enable IPv6 link local adresses as listen-address %eth0``
* :vytask:`T4141`  ``Set high-availability vrrp sync-group without members error``
* :vytask:`T4142`  ``Input ifbX interfaces not displayed in op-mode``
* :vytask:`T4152`  ``NHRP shortcut-target holding-time does not work``
* :vytask:`T4154`  ``Error add second gre tunnel with the same source interface``
* :vytask:`T4165`  ``Custom conntrack rules cannot be deleted``
* :vytask:`T4168`  ``IPsec VPN is impossible to restart when DMVPN is configured``
* :vytask:`T4183`  ``IPv6 link-local address not accepted as wireguard peer``
* :vytask:`T4184`  ``NTP allow-clients address doesn't work it allows to use ntp server for all addresses``
* :vytask:`T4191`  ``Lost access to host after VRF re-creating``
* :vytask:`T4196`  ``DHCP server client-prefix-length parameter results in non-functional leases``
* :vytask:`T4203`  ``Reconfigure DHCP client interface causes brief outages``
* :vytask:`T4226`  ``VRRP transition-script does not work for groups name which contains -(minus) sign``
* :vytask:`T4228`  ``bond: OS error thrown when two bonds use the same member``
* :vytask:`T4233`  ``ssh: sync regex for allow/deny usernames to "system login"``
* :vytask:`T4234`  ``Show firewall partly broken in 1.3.x``
* :vytask:`T4237`  ``Conntrack-sync error - error adding listen-address command``
* :vytask:`T4240`  ``Cannot add wlan0 to bridge via configure``
* :vytask:`T4241`  ``ocserv openconnect looks broken in recent bulds of 1.3 Equuleus``
* :vytask:`T4242`  ``ethernet speed/duplex can never be switched back to auto/auto``
* :vytask:`T4258`  ``[DHCP-SERVER]  error parameter on Failover``
* :vytask:`T4259`  ``The conntrackd daemon can be started wrongly``
* :vytask:`T4263`  ``vyos.util.leaf_node_changed() dos not honor valueLess nodes``
* :vytask:`T4264`  ``vxlan: interface is destroyed and rebuild on description change``
* :vytask:`T4267`  ``Error - Missing required "ip key" parameter``
* :vytask:`T4273`  ``ssh: Upgrade from 1.2.X to 1.3.0 breaks config``
* :vytask:`T4297`  ``Interface configuration saving fails for ice/iavf based interfaces because they can't change speed/duplex settings``
* :vytask:`T4377`  ``generate tech-support archive includes previous archives``

**Other resolved issues**


* :vytask:`T4227`  ``Typo in help completion of hello-time option of bridge interface``
* :vytask:`T4255`  ``Unexpected print of dict bridge on delete``
* :vytask:`T4476`  ``Next steps after installation is not communicated properly to new users``

1.3.0 (21th December 2021)
==========================


**Breaking changes**


* :vytask:`T3350`  ``OpenVPN config file generation broken``
* :vytask:`T3866`  ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax``

**Configuration syntax changes (automatically migrated)**


* :vytask:`T2162`  ``migration script for router-advert sets link-mtu 0 on bridge interfaces``
* :vytask:`T2691`  ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch``
* :vytask:`T3293`  ``RPKI migration script errors out after CLI rewrite``

**New features and improvements**


* :vytask:`T3704`  ``Add ability to interact with Areca RAID adapers``
* :vytask:`T3745`  ``op-mode IPSec show vpn ipse sa sorting``
* :vytask:`T3912`  ``Use a more informative default post-login banner``
* :vytask:`T3945`  ``Add route-map for bgp aggregate-address``
* :vytask:`T3971`  ``Ability to build ISO images for XCP-NG hypervisor``
* :vytask:`T4012`  ``Add VRF support for TFTP``
* :vytask:`T4013`  ``Add pkg cloudwatch for AWS images``
* :vytask:`T4046`  ``Sflow - Add Source address parameter``
* :vytask:`T4049`  ``support command-style output with compare command``
* :vytask:`T4082`  ``Add op mode command to restart ldpd``
* :vytask:`T4084`  ``Dehardcode the default login banner``

**Bug fixes**


* :vytask:`T1624`  ``Failed to set up config session``
* :vytask:`T1710`  ``[equuleus] buster: add patch to fix live-build missing key error``
* :vytask:`T1847`  ``set_level incorrectly handles path given as empty string``
* :vytask:`T1876`  ``IPSec VTI tunnels are deleted after rekey and dangling around as A/D``
* :vytask:`T2009`  ``Ethernet Interface always stays down``
* :vytask:`T2022`  ``When RADIUS config is active, local logins won't work``
* :vytask:`T2082`  ``WireGuard broken after merging T2057``
* :vytask:`T2158`  ``Commit fails if ethernet interface doesn't support flow control (pause)``
* :vytask:`T2162`  ``migration script for router-advert sets link-mtu 0 on bridge interfaces``
* :vytask:`T2164`  ``Package libstrongswan-standard-plugins missing from image``
* :vytask:`T2167`  ``vyos.ifconfig.get_mac() broken``
* :vytask:`T2176`  ``'WiFiIf' object has no attribute 'set_state'``
* :vytask:`T2177`  ``Commit fails on adding disabled interface to bridge``
* :vytask:`T2241`  ``Changing settings on an interface causes it to fall out of bridge``
* :vytask:`T2273`  ``OpenVPN no longer starts in latest rolling, migrate to systemd``
* :vytask:`T2283`  ``openvpn not starting: ccd path in template not moved to /run/openvpn/ccd``
* :vytask:`T2293`  ``OpenVPN: UnboundLocalError after merging server_network PullRequest``
* :vytask:`T2318`  ``dns-forwarding migration script breaks with invalid interface name``
* :vytask:`T2337`  ``hw-id gone missing from interfaces after upgrade to 1.3-rolling-202004191028``
* :vytask:`T2427`  ``Interface addressing broken since fix for T2372 was merged``
* :vytask:`T2466`  ``live-build encounters apt dependency problem when building with local packages``
* :vytask:`T2578`  ``ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses``
* :vytask:`T2600`  ``RADIUS system login configuration rendered wrongly``
* :vytask:`T2624`  ``Serial Console: fix migration script for configured powersave and no console``
* :vytask:`T2642`  ``sshd fails to start due to configuration error``
* :vytask:`T2678`  ``High RAM usage on SSH logins with lots of IPv6 routes in the routing table.``
* :vytask:`T2682`  ``VRF aware services - connection no longer possible after system reboot``
* :vytask:`T2691`  ``Upgrade from 1.2.5 to 1.3-rolling-202007040117 results in broken config due to case mismatch``
* :vytask:`T2746`  ``IPv6 link-local addresses not configured``
* :vytask:`T2758`  ``router-advert: 'infinity' is not a valid integer number``
* :vytask:`T2886`  ``RADIUS authentication broken only returns operator level``
* :vytask:`T2894`  ``bond: lacp: member interfaces get removed once bond interface has vlans configured``
* :vytask:`T2952`  ``configd: timeout breaks synchronization of messages, causing freeze``
* :vytask:`T3208`  ``Does not possible to change user password``
* :vytask:`T3350`  ``OpenVPN config file generation broken``
* :vytask:`T3370`  ``dhcp: Invalid domain name "private"``
* :vytask:`T3699`  ``login: verify selected "system login user" name is not already used by the base system.``
* :vytask:`T3707`  ``Ping incorrect ip host checks``
* :vytask:`T3822`  ``OpenVPN processes do not have permission to read key files generated with `run generate openvpn key```
* :vytask:`T3866`  ``Configs with DNS forwarding listening on OpenVPN interfaces or interfaces without a fixed address cannot be migrated to the new syntax``
* :vytask:`T3886`  ``DHCP server can not start``
* :vytask:`T3887`  ``Removal of IPv6 BGP-peer with peer-group may trigger problems``
* :vytask:`T3913`  ``VRF traffic fails after upgrade from 1.3.0-RC6 to 1.3.0-EPA1/2``
* :vytask:`T3934`  ``Openconnect VPN broken: ocserv-worker general protection fault on client connect``
* :vytask:`T3962`  ``Image cannot be built without open-vm-tools``
* :vytask:`T3972`  ``Removing vif-c interface raises KeyError``
* :vytask:`T4015`  ``Update Accel-PPP to a newer revision``
* :vytask:`T4019`  ``Smoketests for SSTP and openconnect fails``
* :vytask:`T4033`  ``VRRP - Error security when setting scripts``
* :vytask:`T4035`  ``Geneve interfaces aren't displayed by operational mode commands``
* :vytask:`T4052`  ``Validator return traceback on VRRP configuration with the script path not in config dir``
* :vytask:`T4053`  ``VRRP impossible to set scripts out of the /config directory``
* :vytask:`T4167`  ``DMVPN apply wrong param on the first configuration``
* :vytask:`T4201`  ``Firewall - ICMPv6 matches not working as expected on 1.3.0``
* :vytask:`T4268`  ``Elevated LA while using VyOS monitoring feature``
* :vytask:`T4296`  ``Interface config injected by Cloud-Init may interfere with VyOS native``
* :vytask:`T4344`  ``DHCP statistics not matching, conf-mode generates incorrect pool name with dash``
* :vytask:`T4571`  ``Sflow with vrf configured does not use vrf to validate agent-address IP from vrf-configured interfaces``

**Other resolved issues**


* :vytask:`T1497`  ``"set system name-server" generates invalid/incorrect resolv.conf``
* :vytask:`T1606`  ``Rolling release no longer boots after adding hostname daemon``
* :vytask:`T1676`  ``[equuleus] buster: update GRUB boot parameters during upgrade``
* :vytask:`T2129`  ``XML schema: tagNode not allowed on first level in new XML op-mode definition``
* :vytask:`T2389`  ``BGP community-list unknown command``
* :vytask:`T2722`  ``get_config_dict() and key_mangling=('-', '_') will alter CLI data for tagNodes``
* :vytask:`T3182`  ``Main blocker Task for FRR 7.4/7.5 series update``
* :vytask:`T3293`  ``RPKI migration script errors out after CLI rewrite``
* :vytask:`T3302`  ``Make vyos-configd relay stdout from scripts to the user's console``
* :vytask:`T3687`  ``IS-IS is missing IPv6 support``
* :vytask:`T3689`  ``static ipv6 route doesn't deleted in some cases``
* :vytask:`T3695`  ``OpenConnect reports commit success when ocserv fails to start due to SSL cert/key file issues``
* :vytask:`T3697`  ``Impossible to delete IPsec completely``
* :vytask:`T3711`  ``service router-advert interface <name> dnssl option has no effects``
* :vytask:`T3725`  ``show configuration in json format``
* :vytask:`T3735`  ``Configuration with multiple network addresses of firewall network-group via colud-init fails``
* :vytask:`T4065`  ``IPSEC configuration error: connection to unix:///var/run/charon.ctl failed: No such file or directory``
* :vytask:`T4088`  ``Fix typo in login banner``
* :vytask:`T4115`  ``reboot in <x> not working as expected``
* :vytask:`T4198`  ``Error shown on commit``

1.3.0-epa3 (5th November 2021)
==============================



**Configuration syntax changes (automatically migrated)**


* :vytask:`T3925`  ``Tunnel: dhcp-interface not implemented - use source-interface instead``

**New features and improvements**


* :vytask:`T3927`  ``Kernel: Enable kernel support for HW offload of the TLS protocol``
* :vytask:`T3942`  ``Generate IPSec debug archive from op-mode``

**Bug fixes**


* :vytask:`T3610`  ``DHCP-Server creation for not primary IP address fails``
* :vytask:`T3846`  ``dmvpn configuration not reapllied after "restart vpn"``
* :vytask:`T3921`  ``tunnel: KeyError when using dhcp-interface``
* :vytask:`T3922`  ``NHRP: delete fails``
* :vytask:`T3925`  ``Tunnel: dhcp-interface not implemented - use source-interface instead``
* :vytask:`T3926`  ``strip-private does not sanitize "cisco-authentication" from NHRP configuration``
* :vytask:`T3941`  ``"show vpn ipsec sa" shows established time of parent SA not child SA's``
* :vytask:`T3943`  ``"netflow source-ip" prevents image upgrades if IP address does not exist locally``
* :vytask:`T3944`  ``VRRP fails over when adding new group to master``
* :vytask:`T3954`  ``FTDI cable makes VyOS sagitta latest hang, /dev/serial unpopulated, config system error``
* :vytask:`T3956`  ``GRE tunnel - unable to move from source-interface to source-address, commit error``
* :vytask:`T4004`  ``IPsec ike-group parameters are not saved correctly (after reboot)``
* :vytask:`T4034`  ``"make xcp-ng-iso" still includes vyos-xe-guest-utilities``

**Other resolved issues**


* :vytask:`T3188`  ``Tunnel local-ip to dhcp-interface Change Fails to Update``
* :vytask:`T3341`  ``Wrong behavior of the "reset vpn ipsec-peer XXX tunnel XXX" command``
* :vytask:`T3626`  ``Configuring and disabling DHCP Server``
* :vytask:`T3918`  ``DHCPv6 prefix delegation incorrect verify error``
* :vytask:`T3920`  ``dhclient exit hook script 01-vyos-cleanup causes too many arguments error``
* :vytask:`T3990`  ``WATCHFRR: crashlog and per-thread log buffering unavailable (due to files left behind in /var/tmp/frr/ after reboot)``
* :vytask:`T4005`  ``Feature Request: IPsec IKEv1 + IKEv2 for one peer``

1.3.0-epa2 (18th October 2021)
==============================




**New features and improvements**


* :vytask:`T3277`  ``DNS Forwarding - reverse zones``
* :vytask:`T3885`  ``dhcpv6-pd: randomly generated DUID is not persisted``
* :vytask:`T3890`  ``dhcp(v6): provide op-mode commands to retrieve both server and client logfiles``
* :vytask:`T3899`  ``Add support for hd44780 LCD displays``

**Bug fixes**


* :vytask:`T3750`  ``pdns-recursor 4.4 issue with dont-query and private DNS servers``
* :vytask:`T3874`  ``D-Link Ethernet Interface not working.``
* :vytask:`T3877`  ``VRRP always enabled rfc3768-compatibility even when not specified``
* :vytask:`T3878`  ``get_config_dict() no_tag_node_value_mangle has no effect``
* :vytask:`T3879`  ``GPG key verification fails when upgrading from a 1.3 beta version``
* :vytask:`T3883`  ``VRF - Delette vrf config on interface``
* :vytask:`T3893`  ``MGRE Tunnel commit crash If sit tunnel available``
* :vytask:`T3894`  ``Tunnel Commit Failed if system does not have `eth0```
* :vytask:`T3904`  ``NTP pool associations silently fail``

**Other resolved issues**


* :vytask:`T3422`  ``Dynamic DNS doesn't allow zone field with cloudflare protocol``
* :vytask:`T3425`  ``Scripts from the /config/scripts/ folder do not run on live system``
* :vytask:`T3880`  ``EFI boot shows error on display``
* :vytask:`T3882`  ``Upgrade PowerDNs recursor to 4.5 series``
* :vytask:`T3888`  ``Incorrect warning when poweroff command executed from configure mode.``
* :vytask:`T3889`  ``Migrate to journalctl when reading daemon logs``

1.3.0-epa1 (30th September 2021)
================================



**Configuration syntax changes (automatically migrated)**


* :vytask:`T3672`  ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output``
* :vytask:`T3779`  ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF``
* :vytask:`T3804`  ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"``
* :vytask:`T3842`  ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus``

**New features and improvements**


* :vytask:`T1099`  ``Openvpn: use config files instead of one long command.``
* :vytask:`T1154`  ``use of local cache to build iso``
* :vytask:`T1176`  ``FRR - BGP replicating routes``
* :vytask:`T1350`  ``VRRP transition script will be executed once only``
* :vytask:`T3716`  ``Linux kernel parameters ignore_routes_with_link_down- ignore disconnected routing connections``
* :vytask:`T3779`  ``Backport all 1.4 IS-IS features and configuration to 1.3 except VRF``
* :vytask:`T3789`  ``Add custom validator for base64 encoded CLI data``
* :vytask:`T3803`  ``Add source-address option to the ping CLI``
* :vytask:`T3804`  ``cli: Migrate and merge "system name-servers-dhcp" into "system name-server"``
* :vytask:`T3840`  ``dns forwarding: Cache size should allow values > 10k``
* :vytask:`T3841`  ``dhcp-server: add ping-check option to CLI``
* :vytask:`T3842`  ``Backport DHCP server improvements from VyOS 1.4 sagitta to 1.3 equuleus``
* :vytask:`T3857`  ``reboot: send wall message to all users for information``
* :vytask:`T3859`  ``Add "log-adjacency-changes" to ospfv3 process``

**Bug fixes**


* :vytask:`T945`  ``Unable to change configuration after changing it from script (vbash + script-template)``
* :vytask:`T1148`  ``epa2 BGP peers initiate before config is fully loaded, routes leak.``
* :vytask:`T1249`  ``multiple PBR rules can set to a single interface``
* :vytask:`T1894`  ``FRR config not loaded after daemons segfault or restart``
* :vytask:`T2019`  ``LLDP wrong config generation for interface 'all'``
* :vytask:`T2127`  ``restart dhcp server reports a failure``
* :vytask:`T2161`  ``snmpd cannot start if ipv6 disabled``
* :vytask:`T2328`  ``dhcpv6 server not starting (disable check reversed?)``
* :vytask:`T2430`  ``cannot delete specific route static next-hop``
* :vytask:`T2432`  ``dhcpd: Can't create new lease file: Permission denied``
* :vytask:`T2434`  ``Duplicate Address Detection Breaks Interfaces``
* :vytask:`T2525`  ``OSPFv3 missing route map, not establishing``
* :vytask:`T2623`  ``Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”``
* :vytask:`T2738`  ``Modifying configuration in the "interfaces" section from VRRP transition scripts causes configuration lockup and high CPU utilization``
* :vytask:`T2759`  ``validate-value prints error messages from validators that fail even if overall validation succeeds``
* :vytask:`T2800`  ``Pseudo-Ethernet: source-interface must not be member of a bridge``
* :vytask:`T2895`  ``VPN IPsec "leftsubnet" declared 2 times``
* :vytask:`T2920`  ``Commit crash when adding the second mGRE tunnel with the same key``
* :vytask:`T2931`  ``Unicode decode error causes vyos.configd service to restart``
* :vytask:`T2941`  ``Using a non-ASCII character in the description field causes UnicodeDecodeError in configsource.py``
* :vytask:`T3076`  ``Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration``
* :vytask:`T3196`  ``No NAT translations showing up``
* :vytask:`T3219`  ``Typo in openvpn server client config for IPv6 iroute``
* :vytask:`T3601`  ``Error in ssh keys for vmware cloud-init if ssh keys is left empty.``
* :vytask:`T3637`  ``vrf: bind-to-all didn't work properly``
* :vytask:`T3672`  ``DHCP-FO with multiple subnets results in invalid/non-functioning dhcpd.conf configuration file output``
* :vytask:`T3708`  ``isisd and gre-bridge commit error``
* :vytask:`T3731`  ``verify_accel_ppp_base_service return wrong config error for SSP``
* :vytask:`T3738`  ``openvpn fails if server and authentication are configured``
* :vytask:`T3740`  ``HTTPs API breaks when the address is IPv6``
* :vytask:`T3756`  ``VyOS generates invalid QR code for wireguard clients``
* :vytask:`T3772`  ``VRRP virtual interfaces are not shown in show interfaces``
* :vytask:`T3773`  ``Delete the "show system integrity" command (to prepare for a re-implementation)``
* :vytask:`T3777`  ``adding IPv6 EUI64 address fails commit in 1.3.0-rc6``
* :vytask:`T3781`  ``Revert the NAT implementation in 1.3 back to iptables``
* :vytask:`T3782`  ``Ingress Shaping with IFB No Longer Functional with 1.3``
* :vytask:`T3783`  ``"set protocols isis spf-delay-ietf" is not working``
* :vytask:`T3786`  ``GRE tunnel source address 0.0.0.0 error``
* :vytask:`T3788`  ``Keys are not allowed with ipip and sit tunnels``
* :vytask:`T3790`  ``Does not possible to configure PPTP static ip-address to users``
* :vytask:`T3792`  ``login: A hypen present in a username from "system login user" is replaced by an underscore``
* :vytask:`T3797`  ``show interface errors with vrrp configuration``
* :vytask:`T3802`  ``Commit fails if ethernet interface doesn't support flow control``
* :vytask:`T3805`  ``OpenVPN insufficient privileges for rtnetlink when closing TUN/TAP interface``
* :vytask:`T3806`  ``Don't set link local ipv6 address if MTU less then 1280``
* :vytask:`T3807`  ``Op Command "show interfaces wireguard"  does not show the output``
* :vytask:`T3808`  ``ipsec is mistakenly restarted after delete``
* :vytask:`T3816`  ``Error after entering outbound-interface command in NAT``
* :vytask:`T3850`  ``Dots are no longer allowed in SSH public key names``
* :vytask:`T3860`  ``Error on pppoe, tunnel and wireguard interfaces for IPv6 EUI64 addresses``
* :vytask:`T3867`  ``vxlan: multicast group address is not validated``

**Other resolved issues**


* :vytask:`T1202`  ``Add `hvinfo` to the packages directory``
* :vytask:`T1214`  ``Add `ipaddrcheck` to the packages directory``
* :vytask:`T1236`  ``Update Linux Kernel``
* :vytask:`T2027`  ``get_config_dict is failing when the configuration section is empty/missing``
* :vytask:`T2555`  ``XML op-mode generation scripts silently discard XML nodes``
* :vytask:`T2727`  ``Add a dotted decimal value validator``
* :vytask:`T2927`  ``isc-dhcpd release and expiry events never execute``
* :vytask:`T3217`  ``Save FRR configuration on each commit``
* :vytask:`T3234`  ``multi_to_list fails in certain cases, with root cause an element redundancy in XML interface-definitions``
* :vytask:`T3254`  ``Dynamic DNS status shows incorrect last update time``
* :vytask:`T3291`  ``Fault on setting offload RPS with single-core CPU``
* :vytask:`T3362`  ``1.3 - RC1 ifb redirect failing to commit``
* :vytask:`T3381`  ``Change GRE tunnel failed``
* :vytask:`T3396`  ``syslog can't be configured with an ipv6 literal destination in 1.2.x``
* :vytask:`T3431`  ``Show version all bug``
* :vytask:`T3537`  ``Unable to override the default OSPFv3 link cost for wireguard interface``
* :vytask:`T3634`  ``Add op command option for ping for do not fragment bit to be set``
* :vytask:`T3683`  ``VXLAN not accept ipv6 and source-interface options and mtu bug``
* :vytask:`T3730`  ``op-mode conntrack-sync miss some functions``
* :vytask:`T3732`  ``override-default helper should support adding defaultValues to default less nodes``
* :vytask:`T3768`  ``Remove early syntaxVersion implementation``
* :vytask:`T3776`  ``Rename FRR daemon restart op-mode commands``
* :vytask:`T3814`  ``wireguard: commit error showing incorrect peer name from the configured name``
* :vytask:`T3819`  ``Upgrade Salt Stack 3002.3 -> 3003 release train``
* :vytask:`T3820`  ``PowerDNS recursor - update from 4.3 -> 4.4 to sync with current``