pfSense software version 2.4.5 is now available for new installations and upgrades. The latest version includes fixes for issues present in previous pfSense 2.4.x branch releases. Netgate also announced that, due to the significant nature of the changes in this upgrade, warnings and error messages are likely to occur while the upgrade is in progress.
In nearly all cases these errors are a harmless side effect of the system's inconsistent state during the upgrade, caused by changes in the operating system, libraries, and PHP versions.
2.4.5 adds several new features, including:
- OS Upgrade: Base Operating System upgraded to FreeBSD 11-STABLE after FreeBSD 11.3
- Added sorting and search/filtering to several pages including the Certificate Manager, DHCP Leases, and ARP/NDP Tables.
- Added DNS Resolver (Unbound) Python Integration
- Added IPsec DH and PFS groups 25, 26, 27, and 31
- Changed UFS filesystem defaults to “noatime” on new installations to reduce unnecessary disk writes
- Set “autocomplete=new-password” for forms containing authentication fields to help prevent browser auto-fill from completing irrelevant fields
- Added new Dynamic DNS providers Linode and Gandi
pfSense software release version 2.4.5 addresses several security issues:
- Potential cross-site scripting (XSS) vectors in several GUI pages
- A privilege escalation issue where an authenticated user granted access to the picture widget could run arbitrary PHP code or gain access to pages for which they otherwise would not have privileges
- Added a “fsck” run with “-z” for “UFS” filesystems on upgrade to address FreeBSD-SA-19:10.ufs
- Fixed the format of XMLRPC authentication failure messages so they can be acted upon by “sshguard”
- Added a custom CSRF Error page with warnings and confirmation prompts before resubmitting potentially harmful data
- Addressed FreeBSD Security Advisories & Errata Notices