Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| releases:21.02:notes-21.02.0-rc1 [2021/04/22 07:30] – Fix list zorun | releases:21.02:notes-21.02.0-rc1 [2021/04/27 15:19] – [Increased minimum hardware requirements: 8 MB flash, 64 MB RAM] zorun | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== OpenWrt 21.02.0-rc1 - First Release Candidate - 21 April 2021 ====== | + | ====== OpenWrt 21.02.0-rc1 - First Release Candidate - 26 April 2021 ====== |
| < | < | ||
| Line 13: | Line 13: | ||
| /* Uncomment when the release is still work-in-progress */ | /* Uncomment when the release is still work-in-progress */ | ||
| - | {{page> | + | /* {{page> |
| The OpenWrt Project is a Linux operating system targeting embedded devices. | The OpenWrt Project is a Linux operating system targeting embedded devices. | ||
| Line 25: | Line 25: | ||
| the help of the sysupgrade utility which will also attempt to preserve the | the help of the sysupgrade utility which will also attempt to preserve the | ||
| configuration. A configuration backup is advised nonetheless when upgrading to | configuration. A configuration backup is advised nonetheless when upgrading to | ||
| - | OpenWrt 21.02. | + | OpenWrt 21.02. |
| + | |||
| + | Get OpenWrt Firmware at: https:// | ||
| - | Get OpenWrt Firmware at: https:// | ||
| ===== Highlights in OpenWrt 21.02.0-rc1 ===== | ===== Highlights in OpenWrt 21.02.0-rc1 ===== | ||
| Line 36: | Line 37: | ||
| development for about one and a half year. | development for about one and a half year. | ||
| + | /* | ||
| This OpenWrt release includes support for WPA3 for most devices and HTTPS client and server support in the default images. This size increase makes it impossible to use OpenWrt 21.02 on any devices with less than 8 MB of flash. It also introduces significant changes to Ethernet switch configuration by changing from '' | This OpenWrt release includes support for WPA3 for most devices and HTTPS client and server support in the default images. This size increase makes it impossible to use OpenWrt 21.02 on any devices with less than 8 MB of flash. It also introduces significant changes to Ethernet switch configuration by changing from '' | ||
| + | */ | ||
| ==== WPA3 support included by default ==== | ==== WPA3 support included by default ==== | ||
| Line 46: | Line 49: | ||
| ==== TLS and HTTPS support included by default ==== | ==== TLS and HTTPS support included by default ==== | ||
| - | TLS support is now provided by default in OpenWrt images. It means that '' | + | TLS support is now provided by default in OpenWrt images |
| + | The '' | ||
| + | OpenWrt switched from mbed TLS to wolfSSL as the default SSL library, mbed TLS and OpenSSL are still available and can be installed manually. | ||
| - | FIXME: check what is the server-side configuration by default (is LuCI accessible over HTTPS by default?) | + | /* LuCI does not use https by default |
| ==== Initial DSA support ==== | ==== Initial DSA support ==== | ||
| Line 59: | Line 64: | ||
| This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing '' | This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing '' | ||
| - | FIXME: add link to OpenWrt DSA documentation | + | /* FIXME: add link to OpenWrt DSA documentation |
| + | |||
| + | The following targets are using a switch managed with DSA in OpenWrt 21.02: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| + | * [[: | ||
| ==== Increased minimum hardware requirements: | ==== Increased minimum hardware requirements: | ||
| Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt. | Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt. | ||
| + | More flash space is recommended for extensibility, | ||
| It is still possible to build custom OpenWrt images (e.g. using the [[docs: | It is still possible to build custom OpenWrt images (e.g. using the [[docs: | ||
| Line 71: | Line 88: | ||
| ==== New hardware targets ==== | ==== New hardware targets ==== | ||
| - | A new '' | + | A new [[: |
| - | See [[: | + | See [[: |
| - | In addition, new '' | + | In addition, new [[: |
| + | |||
| + | Support for many new boards was added to the existing targets. | ||
| ==== Dropped hardware targets ==== | ==== Dropped hardware targets ==== | ||
| - | The '' | + | The [[: |
| - | With OpenWrt 21.02, the '' | + | |
| - | If you are still running with the '' | + | |
| - | Other targets were also removed: | + | With OpenWrt 21.02, the [[: |
| + | If you are still running with the [[: | ||
| + | |||
| + | Other targets were also removed: | ||
| + | |||
| + | ==== ASLR activated ==== | ||
| + | |||
| + | Network exposed user space applications are linked as position-independent executable (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See [[docs: | ||
| + | |||
| + | ==== Kernel with container support ==== | ||
| + | |||
| + | Multiple Linux kernel compile options, needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. | ||
| + | This allows to use LXC and ujail with the normal release builds. | ||
| + | |||
| + | ==== SELinux support ==== | ||
| + | |||
| + | It is possible to compile OpenWrt with SELinux support. This is currently not activated by default. | ||
| ==== Core components update ==== | ==== Core components update ==== | ||
| Line 95: | Line 128: | ||
| * Updated Linux kernel | * Updated Linux kernel | ||
| * 5.4.111 for all targets | * 5.4.111 for all targets | ||
| - | * Network | + | * Network: |
| * hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81 | * hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81 | ||
| + | * cfg80211/ | ||
| + | * wireguard backport from upstream Linux kernel | ||
| * System userland: | * System userland: | ||
| * busybox 1.33.0 | * busybox 1.33.0 | ||
| - | ==== Known issues ==== | + | In addition to the listed applications, |
| - | + | ||
| - | * DSA support is new and might not be complete or fully working | + | |
| - | * The LuCI web interface has no support for DSA yet | + | |
| ===== Upgrading to 21.02.0-rc1 ===== | ===== Upgrading to 21.02.0-rc1 ===== | ||
| - | Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and configuration will be preserved in most cases. Sysupgrade from 18.06 to 21.02 is not supported. | + | Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and configuration will be preserved in most cases. |
| - | However, there is no migration path for targets that switched to DSA. | + | :!: Sysupgrade from 18.06 to 21.02 is not supported. |
| - | In that case, sysupgrade will refuse to proceed with an appropriate error message: | + | |
| + | :!: There is no migration path for targets that switched | ||
| + | '' | ||
| + | |||
| + | :!: The default root file system partition size changed for targets/ | ||
| + | |||
| + | ==== Known issues ==== | ||
| + | |||
| + | * DSA support is new and might not be complete or fully working | ||
| + | * The LuCI web interface has no support for DSA yet | ||
| + | * LuCI writes unnecessary IPv6 RA options to / | ||
| + | * Update luci-mod-network to git-21.107.58557 or later to fix this problem | ||
| ===== Final notes ===== | ===== Final notes ===== | ||