pfSense® CE 2.3.1 note di rilascio
Questa pagina contiene il riassunto delle innovazioni, aggiunte e migliorie di pfSense® CE 2.3.1.
La versione è ora stabile e compatibile con tutte le Appliance legate alle precedenti versioni.
Security/Errata
- FreeBSD Security Advisories
- OpenVPN upgraded from 2.3.10 to 2.3.11. Fixes two potential security issues.
- pfSense Advisories
- pfSense-SA-16_03.webgui
- pfSense-SA-16_04.filterlog
- 2.3.1 update 1 patches pfSense-SA-16_05.webgui.
Config Upgrade
- Fixed config upgrade for CARP VIPs on gateway groups, GRE and gif for uniqid format. #6222
- Fixed config upgrade for IP aliases with CARP IP parent. #6164
- Correct OpenVPN topology config upgrade to retain 2.2.x and prior net30 topology. #6140
- Correct and adjust apinger parameters to dpinger parameters automatically on upgrade. #6142
Gateways
- Fix static route for IPv6 monitor IP with link-local gateway. #6353
- Fix default gateway switching with IPv6 and link-local gateways. #6258
OS/Backend
- NanoBSD is now permanent read-write, to avoid issues with slow rw->ro mount times and systems getting stuck read-only mounted. #6184
- Systems using a RAM disk for /var/ have their alias tables backed up and restored during bootup. #6189
- Set console settings (serial configuration, password protection, etc.) post-upgrade. #6120
- Ensure package repo is updated with latest metadata when checking for latest version. #6115
- Display consistent firmware version on dashboard and in update checker. #6320
- Correct description of update branch options. #6136
- Prevent update checking failures from killing webGUI. #6177
- Make pkg use configured proxy server settings where they exist. #6149
Web GUI
- Fix row delete button on unsaved aliases, NTP, UPnP and other screens. #6101
- Captive portal MAC passthrough credits waiting period box restored. #6290
- Outbound NAT edit screen destination field alias auto-completion restored. #6287
- Captive portal allowed IPs direction selection on edit fixed. #6267
- Restored input validation on port forwards to prohibit IPv6. #6265
- Restored input validation on firewall rules to prohibit IPv6 IPs in IPv4 rules and vice versa. #6211
- Fixed PHP error on edit of PPP interfaces. #6264
- Fixed radio button placement on gateways dashboard widget settings. #6259
- Fixed display post-refresh of system information dashboard widget. #6251
- Restored in/out bytes counters on Status>Interfaces. #6244
- Correctly show and hide OpenVPN topology field as applicable. #6236 #6214
- Correct voucher character set input validation. #6231
- Disable background update checking on dashboard update check is disabled. #6212
- Restore input validation of IP address family and rule type, verifying IPv6 IPs with IPv6 rules, and IPv4 for IPv4 rules. #6218
- Add validation of address family and protocol combinations on packet capture page. #6219
- Add validation of IP aliases with CARP parent interfaces to ensure matching address family. #6218
- Restore GET parameters on status_graph.php. #6192
- Fixed PHP error on input validation failure with floating rules in some cases. #6175
- Use CDATA for firewall rule separator descriptions so non-English characters work. #6174
- Fix port forward edit destination field filling when virtual IPs configured. #6173
- Fix load balancer monitor edit. #6171
- Restore “none” in load balancer fall-back pool. #6170
- Restore use of aliases in load balancer. #6169
- Fix duplicate for load balancer pools and virtual servers. #6168
- Restore description field on lagg edit page. #6163
- Fix saving of bogons update frequency. #6162
- Restore description field on captive portal IP passthrough. #6161
- Fix saving of sticky connections timeout field. #6146
- Show all restore areas in backup/restore screen. #6144
- Fix moving of rule separator before saving. #6128
- Use consistent up and down arrow formats on dashboard widgets. #6123
- Fix typo on OpenVPN server description. #6102
- Fix missing string on notification “mark as read” button. #6104
- Fix firewall rule separator positioning with easy rule addition. #6105
- Prevent closing of info box on monitoring page. #6106
- Add custom date range option to monitoring page.
- Use infoblock on IPsec PSK screen. #6107
- Fixed loss of “Do not NAT” enable on edit on outbound NAT. #6112
- Correct label of 1:1 NAT edit screen. #6114
- Add AJAX updates to NTP status page. #6117
- Fix button spacing on Edit File and Command pages. #5995
- Fix specification of port in DNS Resolver domain overrides. #6091
- Fix moving of multiple items to bottom of list on firewall, NAT and IPsec screens. #6092
- Fix setup wizard with only WAN assigned and using static IP. #6093
- Remove logo from wizard since it’s now redundant. #6095
- Fix gateway widget cut-off with 3 column dashboard. #6096
- Fixed force update on RFC 2136 DDNS. https://redmine.pfsense.org/issues/6359
- Fix reboot prompt when changing RAM disk setting and encountering an input error. #6349
- Fix highlighted tab when editing IPsec mobile P1. #6341
- Fix selection of configured speed and duplex on interface page. #6331
- Fix division by zero in status_queues.php. #6329
- Fix alignment issues in forms. #6327
- Fix entry of CIDR range in host aliases for conversion to IPs. #6322
- Allow use of # and ! again in DNS Forwarder domain overrides. #6310
- Restored hostname infobox in menu bar. #6306
- Fixed editing and deleting of additional DHCP pools. #6303
- Fixed requests to diag_system_activity.php piling up on slow systems. #6166
Interfaces
- Unset LAN DHCPv6/RA configuration if LAN interface is removed. #6152
IPsec
- Fix starting of strongswan twice. #6160
DNS Resolver
- Switched domain overrides from stub-zone to forward-zone so domain overrides don’t require the target server provide recursion. #6065
- Allow adding 0.0.0.0/0 to access lists. #6073
- Added 100,000 and 200,000 options for Unbound cache limit. #6230
- Fix Unbound startup where both DNS Forwarder and Resolver are enabled. #6354
DHCP Server
- Hostnames now allowed for NTP servers. #6239
IPsec
- Fixed LAN interfaces stopping functioning when IPsec is in use. #6296
- Mobile PSK matching issue with multiple PSKs fixed. #6286
- leftsendcert=always specified for all RSA types. #6082
- rc.newipsecdns fixed to check correct enabled status. #6351
Notifications
- Fixed growl notifications to unresolvable hostname generating crash report. #6187
- Fixed growl notification test with no password. #6221
Captive Portal
- Fixed error handling captive portal username with single quote. #6203
- Fixed issues with mixed-case zone names. #6278
OpenVPN
- Prevent leading space in tunnel network configuration causing invalid configuration. #6198
User Manager
- Fix RADIUS login with attribute class (25) when the server returns multiple attribute entries with different data. #6086
- Honor deny config write for RADIUS users. #6088
Package System
- Uninstall all packages pre-upgrade from <= 2.2.x to 2.3 to avoid problems from old packages. Reinstall them post-upgrade. #6137
- Fix reinstall of renamed packages post-upgrade to 2.3. #6118
- Fix package reinstallation getting stuck in loop when there is no Internet connectivity post-upgrade. #6180
Other
- Removed lua support from nginx to not deprecate old CPUs lacking CMOV support. #6185
- Added validation to console menu interface assignment to prevent creating duplicate VLANs. #6183
- Blacklisted S.M.A.R.T. options with Hyper-V to prevent crash. #6147
- Silence SSH host key log spam. #6143
- Fix order of gateway and gateway group name in gateway down log message. #6134
- Allow use of @ in hostname field for Namecheap DDNS. #6122
- Fix console error where $nat_if_list isn’t an array. #6307
- Include patch number in version display. #6309
- Fix pw groupdel error in log during boot. #6352
- Fixed stale xmlrpc.lock preventing config sync from functioning. #6328
- Fixed failed chown on startup with /var as a RAM disk. #6131
- Crash reporter now ignores warnings in release versions. #6178
- Fixed crash reporter to show full PHP warnings in development versions. #6097
Update 1
2.3.1 update 1 (2.3.1_1) was released on May 25, 2016 with the following fixes/changes since 2.3.1-RELEASE.
- Security issue pfSense-SA-16_05.webgui patched.
- Lowered default LDAP timeout from 25 seconds to 5 seconds. #6367
- Fixed handling of IPsec negotiation mode with IKE version set to auto. #6360
- Increase PHP’s memory limit to 512 MB on 64 bit versions to better accommodate systems with a large number of active states. #6364
- Set request_terminate_timeout the same as max_execution_time to prevent many possible circumstances of “504 gateway error” from occurring. #6396
- Fix use of URL IP type aliases in firewall rules. #6403
- Fix show/hide fields Javascript in Chrome on Mac OS X. #6401
- Fixed save of “IPv6 over IPv4 Tunneling” address on System>Advanced, Networking. #6381
Update 2 through 4
These were internal-only versions that weren’t publicly-released.
Update 5
2.3.1 update 5 (2.3.1_5) was released on June 16, 2016 with the following fixes/changes since 2.3.1_1.
- Fixed command injection vulnerability in auth.inc via User Manager. #6475
- Fixed command injection vulnerability in pkg_mgr_install.php id parameter. #6474
- Upgraded PHP to 5.6.22
- Fixed Captive Portal redirect hangs caused by longer keepalive_timeout in nginx. #6421
- Fixed DDNS PTR zone in dhcpd.conf with third octet of 0. #6413
- Fixed save and reset buttons on load balancer status page. #6254
- Fixed schedule editing on firewall rules page. #6428
- Allow “-” character in TFTP server field on DHCP Server page. #6433
- Allow “-” and “_” characters in system tunables. #6438
- Fixed changing of link type on PPPs edit screen. #6439
- Fixed setting of “RADIUS issued IPs” on L2TP page. #6440
- Restored apply changes button for interface mismatch post-config restore. #6460
- Fixed display of Outbound NAT port aliases. #6463
- Fixed schedule edit allowing invalid time range. #6468
Questa pagina è stata presa da qui.
- pfSense® CE 2.4.3: note di rilascio
- pfSense® CE 2.4.2: note di rilascio
- pfSense® CE 2.4.1: note di rilascio
- pfSense® CE 2.4: note di rilascio
- pfSense® CE 2.3.3: note di rilascio
- pfSense® CE 2.3.2: note di rilascio
- pfSense® CE 2.3.1: note di rilascio
- pfSense® CE 2.3: note di rilascio
- pfSense® CE 2.2.5: note di rilascio
- pfSense® CE 2.2: note di rilascio
- pfSense® CE 2.1.5: note di rilascio
- pfSense® CE 2.1.4: note di rilascio
- pfSense® CE 2.1.3: note di rilascio
- pfSense® CE 2.1.2: note di rilascio
- pfSense® CE 2.1.1: note di rilascio
- pfSense® CE 2.1: note di rilascio
- pfSense® CE 2.0.3: note di rilascio
- pfSense® CE 2.0.2: note di rilascio
- pfSense® CE 2.0.1: note di rilascio
- Caratteristiche principali
- Sito ufficiale pfSense®
- Forum pfSense®
- Forum pfSense® in italiano
- Documentazione pfSense®
- Download pfSense®