This is a fix for the PHP warning below. I propose to simply never use the
certificate name because:
a) It's easier to understand if the description always has the same source.
b) The use of a common name is no longer recommended and will disappear
sooner or later anyway [1,2].
[1]: https://letsencrypt.org/docs/glossary/#def-CN
[2]: https://letsencrypt.org/docs/profiles/#tlsserver
Related PHP warning:
[02-Mar-2026 15:02:54 Etc/UTC] PHP Warning: Undefined array key "commonname" in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php on line 206
* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197
This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.
Please note this version is only compatible with current community versions; business edition installs will have to wait for 26.4.
* Security: Q-Feeds Connect - update version and changelog
Fix critical syntax error in opnsense-fw active response script that prevents IPs from being added to the __wazuh_agent_drop alias.
## Problem
The script contains invalid Python syntax - a variable assignment inside a dictionary literal:
```python
"parameters":{
unique_key = "%s-%s" % (...) # Invalid Python syntax
"keys": [unique_key]
}
```
This causes the script to fail with a SyntaxError on all 'add' commands, meaning attacking IPs are never blocked.
## Changes
- Move unique_key assignment outside dictionary literal (fixes SyntaxError)
- Fix typo: 'even' -> 'event' in error message
- Add debug logging for easier troubleshooting
## Testing
- Verified syntax with `python3 -m py_compile`
- Tested active response add/delete operations on OPNsense 26.1
* security/acme-client: Add option for global token to TransIP
The TransIP DNS API and the acme.sh API for TransIP support the possibility to create a global access token.
With a global access token, the API call to TransIP can be made from every IP address.
There is a new button in the client configuration for TransIP, and this will be added to the account configuration file, which is used by acme.sh