5 files changed, 136 insertions, 0 deletions

diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject f991faab2c0d95cbec5d46996b154145955572d
+Subproject b1a35b8ae02c7a72ee29bf3e1595fedf254479e
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index 4d5d802d..5960cd58 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,34 @@
    _ext/releasenotes.py
 
 
+2023-12-22
+==========
+
+* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients``
+
+
+2023-12-21
+==========
+
+* :vytask:`T5714` ``(bug): IPSec VPN: op-mode: "show log vpn" does not show results``
+* :vytask:`T3039` ``(feature): Resize a root partition and filesystem automatically during deployment in virtual environments``
+* :vytask:`T2404` ``(bug): Cannot change MTU``
+* :vytask:`T2353` ``(bug): Interface [conf_mode] errors parent task``
+* :vytask:`T5796` ``(bug): Openconnect - HTTPS  security headers are missing``
+
+
+2023-12-19
+==========
+
+* :vytask:`T2116` ``(feature): Processing configuration via Cloud-init User-Data``
+
+
+2023-12-18
+==========
+
+* :vytask:`T2191` ``(feature): Using tallow to block sshd probes``
+
+
 2023-12-15
 ==========
 
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 1db86da5..385d1d63 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,58 @@
    _ext/releasenotes.py
 
 
+2023-12-24
+==========
+
+* :vytask:`T5853` ``(default): Typo interfaces-virtual-ethernet.xml.in``
+
+
+2023-12-22
+==========
+
+* :vytask:`T5811` ``(bug): static dhcp-interface routes not installed``
+* :vytask:`T5804` ``(bug): SNAT "any" interface error``
+* :vytask:`T4760` ``(bug): VyOS does not support running multiple instances of DHCPv6 clients``
+
+
+2023-12-21
+==========
+
+* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected``
+* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config``
+* :vytask:`T5637` ``(bug): Firewall default-action log``
+* :vytask:`T5796` ``(bug): Openconnect - HTTPS  security headers are missing``
+* :vytask:`T3580` ``(feature): Refactoring firewall ipv6 rule icmpv6``
+* :vytask:`T2898` ``(feature): Support NDP proxy``
+* :vytask:`T2229` ``(feature): PPPOE Default Queue type selection``
+
+
+2023-12-20
+==========
+
+* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary``
+* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend``
+
+
+2023-12-19
+==========
+
+* :vytask:`T5828` ``(default): Fix GRUB installation on arm64``
+
+
+2023-12-18
+==========
+
+* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use``
+* :vytask:`T5831` ``(feature): show system image should reverse order by addition date``
+* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'``
+* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'``
+* :vytask:`T5819` ``(bug): Don't echo password on install image``
+* :vytask:`T5806` ``(bug): Clear old raid data on new install image``
+* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update``
+* :vytask:`T5758` ``(default): Restore scanning configs when live installing``
+
+
 2023-12-15
 ==========
 
diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst
index f8207e80..4ef32704 100644
--- a/docs/changelog/1.5.rst
+++ b/docs/changelog/1.5.rst
@@ -8,6 +8,55 @@
    _ext/releasenotes.py
 
 
+2023-12-23
+==========
+
+* :vytask:`T5678` ``(feature): Improvements in PPPoE configuration``
+
+
+2023-12-22
+==========
+
+* :vytask:`T5804` ``(bug): SNAT "any" interface error``
+
+
+2023-12-21
+==========
+
+* :vytask:`T5807` ``(bug): NAT66  op-mode bugs``
+* :vytask:`T5778` ``(bug): The show dhcp server leases operation mode command does not work as expected``
+* :vytask:`T5775` ``(default): Migrated Firewall Global State Policy ineffective on latest firewall zone config``
+* :vytask:`T5676` ``(bug): NAT66 source rule with negation source/destination prefix causes TypeError``
+* :vytask:`T5637` ``(bug): Firewall default-action log``
+* :vytask:`T5796` ``(bug): Openconnect - HTTPS  security headers are missing``
+
+
+2023-12-20
+==========
+
+* :vytask:`T5823` ``(feature): Protocol BGP add default values for config dictionary``
+* :vytask:`T5798` ``(enhancment): reverse-proxy load-balancing service should support multiple certificates for frontend``
+
+
+2023-12-19
+==========
+
+* :vytask:`T5828` ``(default): Fix GRUB installation on arm64``
+
+
+2023-12-18
+==========
+
+* :vytask:`T5751` ``(feature): Adjust new image tools for non-interactive use``
+* :vytask:`T5831` ``(feature): show system image should reverse order by addition date``
+* :vytask:`T5825` ``(bug): image-tools: restore authentication on 'add system image'``
+* :vytask:`T5821` ``(bug): image-tools: restore vrf-aware 'add system image'``
+* :vytask:`T5819` ``(bug): Don't echo password on install image``
+* :vytask:`T5806` ``(bug): Clear old raid data on new install image``
+* :vytask:`T5789` ``(bug): image-tools should copy ssh host keys on image update``
+* :vytask:`T5758` ``(default): Restore scanning configs when live installing``
+
+
 2023-12-15
 ==========
 
diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst
index 1cc197e9..845d9196 100644
--- a/docs/configuration/vpn/openconnect.rst
+++ b/docs/configuration/vpn/openconnect.rst
@@ -165,6 +165,13 @@ Simple setup with one user added and password authentication:
   set vpn openconnect ssl ca-certificate 'ca-ocserv'
   set vpn openconnect ssl certificate 'srv-ocserv'
 
+To enable the HTTP security headers in the configuration file, use the command:
+
+.. code-block:: none
+
+  set vpn openconnect http-security-headers
+
+
 Adding a 2FA with an OTP-key
 ============================