deadsimple BSD Security Advisories and Announcements

OpenBGPD 6.9p0 released

We have released OpenBGPD 6.9p0, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This is the first stable release for the 6.9 version. It includes
the following changes:

    * Introduced bgpd(8) 'rde evaluate all' to reduce path hiding in
      IXP route-server environments.

    * Added RTR support to OpenBGPD.

    * Added bgpctl(8) "show rtr" to display basic information about
      RTR sessions.

    * Added bgpctl(8) "show sets" to display information about the roa-set,
      as-sets and prefix-sets loaded into bgpd(8).

    * Properly implemented "rde med compare strict" in bgpd(8) and ensured
      that the order of prefixes is always correct.

    * Introduced the bgpd.conf(5) per neighbor and global config option
      "reject as-set yes/no" to allow rejection of received UPDATES with
      AS_SET segments. These rejected prefixes can be viewed with `bgpctl
      show rib in error`.

    * No longer allow configuration of the same neighbor multiple times.

    * Introduced a send hold timer in bgpd(8) to detect stalls on the sending
      side of a TCP connection, acting as a last resort to detect faulty peers.

    * pf(4) tables track now prefixes correctly even when received by multiple

OpenBGPD-portable is known to compile and run on FreeBSD, and
the Linux distributions Debian, Ubuntu and Alpine Linux. It is our
hope that packagers take interest and help adapt OpenBGPD-portable to
more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release