[vc_row full_width=”stretch_row” css=”.vc_custom_1522397707268{margin-top: 60px !important;}”][vc_column width=”2/3″ css=”.vc_custom_1522397665712{margin-bottom: 30px !important;}”][vc_column_text]

pfSense® CE 2.1.4 note di rilascio

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522398908576{margin-top: -20px !important;}”][vc_column_text]pfSenseLa versione 2.1.4 segue di poco la 2.1.3 ed è principalmente una release di sicurezza.
Fare riferimento alle note sulla release 2.1.1 per le modifiche da 2.1 a 2.1.1 e alla 2.1.2 per le modifiche da 2.1.1 a 2.1.3.[/vc_column_text][vc_raw_html]JTVCYWRyb3RhdGUlMjBiYW5uZXIlM0QlMjIyJTIyJTVE[/vc_raw_html][vc_column_text]

Aggiornamenti di sicurezza

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522398908576{margin-top: -20px !important;}”][vc_column_text]

Alcuni Pacchetti aggiuntivi dovranno essere aggiornati in quanto sono soggetti a bug. Durante il processo di aggiornamento del firmware i pacchetti verranno reinstallati correttamente. In caso contrario, disinstallare e reinstallare i pacchetti per assicurare che l’ultima versione dei binari sia in uso.[/vc_column_text][vc_column_text]

Altre correzioni

[/vc_column_text][vc_separator align=”align_left” border_width=”2″ css=”.vc_custom_1522398908576{margin-top: -20px !important;}”][vc_column_text]

  • Patch for Captive Portal pipeno leaking issue which leads to the ‘Maximum login reached’ on Captive Portal.
  • Remove text not relevant to Allowed IPs on the Captive Portal.
  • Remove units from burst as it is always specified in bytes. (Per ipfw(8)).
  • Add column for internal port on UPnP status page.
  • Make listening on interface rather than IP optional for UPnP.
  • Fix highlighting of selected rules.
  • Add guiconfig to widgets not including it.
  • /etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the version for XMLRPC check instead.
  • Fix variable typo.
  • Delete all IP Aliases when an interface is disabled.
  • Properly handle RRD archive rename during upgrade and squelch errors if it fails.
  • Convert protocol ssl:// to https:// when creating HTTP headers for XMLRPC.
  • Show disabled interfaces when they were already part of an interface group. This avoids showing a random interface instead and letting the user add it by mistake.
  • The client-config-dir directive for OpenVPN is also useful when using OpenVPN’s internal DHCP while bridging, so add it in that case also.
  • Use curl instead of fetch to download update files.
  • Escape variable before passing to shell from stop_service().
  • Add some protection to parameters that come through _GET in service management.
  • Escape argument on call to is_process_running, also remove some unecessary mwexec() calls.
  • Do not allow interface group name to be bigger than 15 chars.
  • Be more precise to match members of a bridge interface, it should fix
  • Do not expire already disabled users, it fixes
  • Validate starttime and stoptime format on firewall_schedule_edit.php
  • Be more careful with host parameter on diag_dns.php and make sure it’s escaped when call shell functions
  • Escape parameters passed to shell_exec() in diag_smart.php and elsewhere
  • Make sure variables are escaped/sanitized on status_rrd_graph_img.php
  • Replace exec calls to run rm by unlink_if_exists() on status_rrd_graph_img.php
  • Replace all `hostname` calls by php_uname(‘n’) on status_rrd_graph_img.php
  • Replace all `date` calls by strftime() on status_rrd_graph_img.php
  • Add $_gb to collect possibly garbage from exec return on status_rrd_graph_img.php
  • Avoid directory traversal in pkg_edit.php when reading package xml files, also check if file exists before try to read it
  • Remove id=0 from miniupnpd menu and shortcut
  • Remove . and / from pkg name to avoid directory traversal in pkg_mgr_install.php
  • Fix core dump on viewing invalid package log
  • Avoid directory traversal on system_firmware_restorefullbackup.php
  • Re-generate session ID on a successful login to avoid session fixation
  • Protect rssfeed parameters with htmlspecialchars() in rss.widget.php
  • Protect servicestatusfilter parameter with htmlspecialchars() in services_status.widget.php
  • Always set httponly attribute on cookies
  • Set ‘Disable webConfigurator login autocomplete’ as on by default for new installs
  • Simplify logic, add some protection to user input parameters on log.widget.php
  • Make sure single quotes are encoded and avoid javascript injection on exec.php
  • Add missing NAT protocols on firewall_nat_edit.php
  • Remove extra data after space in DSCP and fix pf rule syntax.
  • Only include a scheduled rule if it is strictly before the end time.


Questo documento è stato preso dal sito pfSense® CE e l’originale si trova
a questo indirizzo.

[/vc_column_text][/vc_column][vc_column width=”1/3″][vc_tta_accordion c_icon=”” active_section=”1″][vc_tta_section i_icon_fontawesome=”fa fa-check” add_icon=”true” title=”Tutte le versioni” tab_id=”1e176-0b7ea534-a5bf969a-50a5eeb3-efc9feab-68870c33-5387″][vc_column_text]

[/vc_column_text][/vc_tta_section][vc_tta_section i_icon_fontawesome=”fa fa-external-link” add_icon=”true” title=”Link utili” tab_id=”2e176-0b7ea534-a5bf969a-50a5eeb3-efc9feab-68870c33-5387″][vc_column_text]

[/vc_column_text][/vc_tta_section][/vc_tta_accordion][vc_widget_sidebar sidebar_id=”sidebar-17″][/vc_column][/vc_row]