BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBGPD 8.6 released

We have released OpenBGPD 8.6, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

    * Filtered prefixes are now included in the Local-RIB if the config
      option 'rde rib Loc-RIB include filtered' is set.

    * Add 'bgpctl show rib filtered' to show filtered prefixes.

    * Add 'min-version' RTR config option and default to RTR version 1.
      Set min-version to 2 to enable draft-ietf-sidrops-8210bis-14 and
      ASPA support or better define the ASPA table in the config.

    * Adjust RTR ASPA pdu parser to follow draft-ietf-sidrops-8210bis-14

    * Check the max_prefix and max_out_prefix limits on config reload.

    * Fix race condition between TCP-MD5 key removal and session closure
      to ensure all messages are sent with the proper TCP-MD5 signature.

    * Fix 'nexthop qualify via bgp' by re-evaluating the nexthops when
      a BGP route is added to the FIB.

    * Handle the CLUSTER_LIST attribute according to RFC7606.

    * Fix some undefined or non-portable behaviour when handling
      NULL / 0-sized objects.

OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.