pfSense® 2.4.2 release notes

[vc_row full_width=”stretch_row” css=”.vc_custom_1522327087646{margin-top: 60px !important;}”][vc_column width=”2/3″ css=”.vc_custom_1522327136322{margin-bottom: 30px !important;}”]

pfSense® 2.4.2 release notes

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

pfSense® is a free distribution based on FreeBSD open-source, customized to be a firewall and router. Besides being a powerful firewall and router platform, it includes a long list of packages that allow you to easily expand the functionality without compromising system security.JTVCYWRyb3RhdGUlMjBiYW5uZXIlM0QlMjIzJTIyJTVE

Security / Errata

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Updated to OpenSSL 1.0.2m to address CVE-2017-3736 and CVE-2017-3735
• FreeBSD-SA-17:10.kldstat
• FreeBSD-SA-17:08.ptrace
• Fixed a potential XSS vector in status_monitoring.php #8037 pfSense-SA-17_07.packages.asc
• Fixed a potential XSS vector in diag_dns.php #7999 pfSense-SA-17_08.webgui.asc
• Fixed a potential XSS vector on index.php via widget sequence parameters #8000 pfSense-SA-17_09.webgui.asc
• Fixed a potential XSS in the widgetkey parameter of multi-instance dashboard widgets #7998pfSense-SA-17_09.webgui.asc
• Fixed a potential clickjacking issue in the CSRF error page

Interfaces

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed PPP interfaces with a VLAN parent when using the new VLAN names #7981
• Fixed issues with QinQ interfaces failing to show as active #7942
• Fixed a panic/crash when disabling a LAGG interface #7940
• Fixed issues with LAGG interfaces losing their MAC address #7928
• Fixed a crash in radvd on SG-3100 (ARM) #8022
• Fixed an issue with UDP packet drops on SG-1000 #7426
• Added an interface to manage the built-in switch on the SG-3100
• Trimmed more characters off the interface description to avoid console menu output line wrapping on a VGA console
• Fixed handling of the VIP uniqueid parameter when changing VIP types
• Fixed PPP link parameter field display when a VLAN parent interface was selected #8098

Operating System

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed issues resulting from having a manually configured filesystem layout with a separate /usr slice #8065
• Fixed issues updating ZFS systems created ZFS using an MBR partition scheme (empty /boot due to bootpool not being imported) #8063
• Fixed issues with BGP sessions utilizing MD5 TCP signatures in routing daemon packages#7969
• Updated dpinger to 3.0
• Enhanced the update repository selection choices and methods
• Updated the system tunables that tell the OS not harvest data from interrupts, point-to-point interfaces and Ethernet devices to reflect the new name/format for FreeBSD 11
• Changed ruleset processing so that it retries if another process is in the middle of an update, rather than presenting an error to the user
• Fixed some UEFI boot issues on various platforms

Certificates

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed invalid entries in /etc/ssl/openssl.cnf (only affected non-standard usage of openssl in the cli/shell) #8059
• Fixed LDAP authentication when the server uses a globally trusted root CA (new CA selection for “Global Root CA List”) #8044
• Fixed issues creating a certificate with a wildcard CN/SAN #7994
• Added validation to the Certificate Manager to prevent importing a non-certificate authority certificate into the CA tab #7885

IPsec

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed a problem using IPsec CA certificates when the subject contains multiple RDNs of the same type #7929
• Fixed an issue with enabling IPsec mobile client support in translated languages #8043
• Fixed issues with IPsec status display/output, including multiple entries (one disconnected, one connected) #8003
• Fixed display of multiple connected mobile IPsec clients #7856
• Fixed display of child SA entries #7856

OpenVPN

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Added an option for OpenVPN servers to utilize “redirect-gateway ipv6” to act as the default gateway for connecting VPN clients with IPv6, similar to “redirect-gateway def1” for IPv4.#8082
• Fixed the OpenVPN Client Certificate Revocation List option #8088

Traffic Shaping

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed an error when configuring a limiter over 2Gb/s (new max is 4Gb/s) #7979
• Fixed issues with bridge network interfaces not supporting ALTQ #7936
• Fixed issues with vtnet network interfaces not supporting ALTQ #7594
• Fixed an issue with Status > Queues failing to display statistics for VLAN interfaces #8007
• Fixed an issue with traffic shaping queues not allowing the total of all child queues to be 100%#7786
• Fixed an issue with limiters given invalid fractional/non-integer values from limiter entries or passed to Captive Portal from RADIUS #8097

Rules/NAT

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed selection of IPv6 gateways when creating a new firewall rule #8053
• Fixed errors on the Port Forward configuration page resulting from stale/non-pfSense cookie/query data #8039
• Fixed setting VLAN Priority via firewall rules #7973

XMLRPC

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed a problem with XMLRPC synchronization when the synchronization user has a password containing spaces #8032
• Fixed XMLRPC Issues with Captive Portal vouchers #8079

WebGUI

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Added an option to disable HSTS for the GUI web server #6650
• Changed the GUI web service to block direct download of .inc files #8005
• Fixed sorting of Services on the dashboard widget and Services Status page #8069
• Fixed an input issue where static IPv6 entries allowed invalid input for address fields #8024
• Fixed a JavaScript syntax error in traffic graphs when invalid data is encountered (e.g. user was logged out or session cleared) #7990
• Fixed sampling errors in Traffic Graphs #7966
• Fixed a JavaScript error on Status > Monitoring #7961
• Fixed a display issue with empty tables on Internet Explorer 11 #7978
• Changed configuration processing to use an exception rather than die() when it detects a corrupted configuration
• Added filtering to the pfTop page
• Added a means for packages to display a modal to the user (e.g. reboot required before package can be used)

Dashboard

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed display of available updates on the Installed Packages Dashboard widget #8035
• Fixed a font issue in the Support Dashboard widget #7980
• Fixed formatting of disk slices/partitions in the System Information Dashboard widget
• Fixed an issue with the Pictures widget when there is no valid picture saved #7896

Packages

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed display of packages which have been removed from the repository in the Package Manager #7946
• Fixed an issue displaying locally installed packages when the remote package repository is unavailable #7917

Misc

[vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522327747370{margin-top: -20px !important;}”]

• Fixed interface binding in ntpd so it does not erroneously listen on all interfaces #8046
• Fixed a problem where restarting the syslogd service would make sshlockout_pf process orphans #7984
• Added support for the ClouDNS dynamic DNS provider #7823
• Fixed an issue in the User and Group Manager pages when operating on entries immediately after deleting an entry #7733
• Changed the setup wizard so it skips interface configuration when run on an AWS EC2 Instance#6459
• Fixed an IGMP Proxy issue with All-multicast mode on SG-1000 #7710

[/vc_column][vc_column width=”1/3″][vc_tta_accordion c_icon=”” active_section=”1″][vc_tta_section i_icon_fontawesome=”fa fa-check” add_icon=”true” title=”All versions” tab_id=”1e176-0b7ea534-a5bf969a-50a5eeb3-efc9feab-68870c33-53871b11-7d9282fb-01217f37-1de25693-9e60b4fe-5de8″]

• pfSense® CE 2.5.0 Beta
• pfSense® CE 2.4.3: release notes
• pfSense® CE 2.4.2: release notes
• pfSense® CE 2.4.1: release notes
• pfSense® CE 2.4: release notes
• pfSense® CE 2.3.3: release notes
• pfSense® CE 2.3.2: release notes
• pfSense® CE 2.3.1: release notes
• pfSense® CE 2.3: release notes
• pfSense® CE 2.2.5: release notes
• pfSense® CE 2.2: release notes
• pfSense® CE 2.1.5: release notes
• pfSense® CE 2.1.4: release notes
• pfSense® CE 2.1.3: release notes
• pfSense® CE 2.1.2: release notes
• pfSense® CE 2.1.1: release notes
• pfSense® CE 2.1: release notes
• pfSense® CE 2.0.3: release notes
• pfSense® CE 2.0.2: release notes
• pfSense® CE 2.0.1: release notes
• Main features

[/vc_tta_section][vc_tta_section i_icon_fontawesome=”fa fa-external-link” add_icon=”true” title=”Link utili” tab_id=”2e176-0b7ea534-a5bf969a-50a5eeb3-efc9feab-68870c33-53871b11-7d9282fb-01217f37-1de25693-9e60b4fe-5de8″]

• Guide firewallhardware
• Sito ufficiale pfSense^®
• Forum pfSense^®
• Forum pfSense^® in italiano
• Documentazione pfSense^®
• Download pfSense^®

[/vc_tta_section][/vc_tta_accordion][vc_widget_sidebar sidebar_id=”sidebar-18″]