2.1.2 Release Now available

pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1.  pfSense 2.1.2 is primarily a security release.

Security Fixes

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled.   If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Other Fixes

  • On packages that use row_helper, when user clicks on an add or delete button, the page scrolls to top. #3569
  • Correct a typo on function name in Captive Portal bandwidth allocation.
  • Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance.
  • Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. #3591

You will want to perform a full security audit of your pfSense installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL, etc.

Note for AutoConfigBackup users – If you’re not already on the most recent AutoConfigBackup package version, make sure you upgrade it under System>Packages before upgrading to 2.1.2.

Share this Post:

48 Responses to “2.1.2 Release Now available”

  1. David Hettinger Says:

    Thank you for addressing this is such a timely manner. It is greatly appreciated, just like all the work you do!

  2. Lawrence Dwight Says:

    Well done guys! I’m sure it wasn’t easy to get this done quickly.

  3. Darryl Mackay Says:

    Thanks for all the hard work in keeping a good product up to date. Look forward to more releases in the future.

  4. James Carter Says:

    Very timely! Thank you. Updating now…

  5. Ray Singh Says:

    Thanks you!! This quick release of a security fix is greatly appreciated.

  6. Francis Leesard Says:

    Thanks ! i know it has been longs day/nights for you guys…

  7. Justin Mitchell Says:

    Great work guys! Thanks for the quick turnaround!!

  8. Bryan Says:

    Thank you all for patching this so quickly, excellent work!

  9. Cybernet Says:

    Perfect! Thanks again guys for everything. Hard at work and fast as always.

  10. Chidanand B Says:

    Awesome guys… Really, I understand and respect your time and paitence in your work, keep it up…~!

  11. Over Says:

    Wow just on time nice work.

  12. Darkk Says:

    Awesome work guys! Soon as I got home from work I clicked on the update button and grabbed a cup of coffee while it was dong it’s thing. No issues. Out of caution since I use OpenVPN I re-generated all the certs.

    Working great!!

    Thanks for pulling this off quickly.

  13. Tatjana Schweiger Says:

    Thank you very much for this timely update! THIS is how router software should be held up to date 🙂

  14. @dr3do Says:

    Thanks for addressing the heartbleed issue that fast… great, guys! #thumbsup

  15. Svend Says:

    Well done 🙂

  16. ashish bagayatkar Says:

    Great work !!!!
    I know that it has been huge pressure to release the bug fix in such short time period.

  17. biGdada Says:

    wow that was fast.
    thank you guys

  18. jideel Says:

    I’m using 2.1 release and :
    openssl version is “OpenSSL 0.9.8y 5 Feb 2013″, FreeBSD version is ” 8.3-RELEASE-p11″. So 2.1-release should not be affected by these flaws. Am i wrong ?
    Thanks

  19. Shree Paudel / Product Manager Says:

    Thank you so much for security update!!!

  20. Lawrence Dwight Says:

    Seems you were faster at getting an update out than Cisco and Juniper! Not too shabby!

    http://www.engadget.com/2014/04/10/the-heartbleed-bug-is-affecting-routers-too/

  21. stelios Says:

    i have the same problems with vpn restarts

  22. SK Says:

    Thanks for the hard work. I work at a Telco and I can just imagine the pressure you must be facing in order to mitigate this problem.

  23. Arne Kaulfuß Says:

    Thanks for the timely reaction. As always: well done, upgrade worked flawlessly!

  24. Anthon Says:

    Thanks a lot guys for your reactivity, you’re very nice so I subscribed to your Gold membership to show my support to this project.
    Keep up that excellent work.

  25. Tommy McNeely Says:

    Do you have a matrix of what versions are affected vs not? I realize that in some cases its not just the base OS that is the problem, but also packages, but it would be nice if we had a general idea of which versions are affected and should be patched immediately, versus should just be patched. Moreover, this would tell us which systems needed to be completely re-keyed and re-passworded.

  26. Rentea Adrian Says:

    Great work!
    Thanks so much!

  27. Carlo Llanera Says:

    Thank you so much for the update guys! We all appreciate the effort.

  28. jim feldman Says:

    Upgrade from 2.1 was completely painless. Great work folks.

  29. John Smith Says:

    We still have a pfsense 1.2.2 and 1.2.3 running (scheduled for upgrades later this year).

    Are these affected by the heartbleed bug? Anyone know? Both say that Openvpn is Beta 1.5, platform 1.2.3 and backported from 2.0.

    Not sure what this means in the BSD world.

    Can anyone comment?

  30. Thomas Pa. Says:

    Thanks, just installed the new version.
    As a little “thank you” I justed signed up as a Gold Member 😉

  31. Zeeshan Hashmi Says:

    DansGuardian not working properly on pfsense 2.1.2 Release

    please resolve the issue

  32. nimamhd Says:

    Thank you, this is really appreciated. very hard ,but very quick.

  33. Chris Buechler Says:

    Zeeshan: nothing changed related to packages or DansGuardian between versions, any issues there would be specific to the DansGuardian package regardless of version. Post to the forum or mailing list with info for assistance. That’s a package we do not develop or maintain ourselves, it’s from an outside contributor.

  34. ronnie Says:

    Put the information about autoconfig backup at the top!
    If one didn’t do that first, they will need to go to the shell (via physical terminal or ssh) and:

    Main menu after connecting to the terminal:
    enter `8` (to get to the shell)
    enter:
    rm /etc/inc/crypt_acb.php /usr/local/pkg/autoconfig*
    enter:
    exit (to get back to the main menu.
    enter 11 (to restart the web interface)
    Go to the web interface and login again.
    *IF* you can get to the packages section, re-install the autoconfig backup package.
    *IF you still have the reinstalling packages screen*, reboot the firewall, then reinstall the autoconfig backup package.

    My guess is, there’s another service to restart instead of rebooting the firewall, however that’s how I fixed mine.

  35. Shoaib Islam Says:

    appreciated work done in a short time… Secondly i want to know how to make multiple profiles for users like mikrotik in hotspot.
    do we have some thing like mikrotik profile making with different user names and password.. Please work on it if pfsense team has not worked on it so far that while creating a user you can identify his download and upload speed for each user…..

    Hoping for it will be done… if it is already done can anybody help me out

    Thanks and Best regards

  36. Shoaib Islam Says:

    i know the capitive portal usage but pass through mac not come up with user name and password i want that there should be different profiles that should be set for each user name and password

  37. Zeeshan Hashmi Says:

    bundle of thanks Mr.Chris Buechler 🙂

  38. andrea Says:

    very good job! Thank you!

  39. Donny Suksri Says:

    I use pfSense for 2 years now. Very good sofware and robot. Thank you very much to pfSense developer. Today I subscribed to your Gold membership and I would like to support pfSense project.

  40. NFace21 Says:

    Thanks a lot!!! Have been using PF for many many years!! Still a very happy customer!! 🙂

  41. David Zahler Says:

    @Zeeshan Hashmi, I ran into the same issue with DansGuardian.

    Simply shell into pfSense and delete /tmp/.dguardian* and restart DansGuardian. You should be all set.

    David

  42. Wackie Says:

    After running this update from 2.1.1 I’m getting errors on several parts:

    – DynDNS: etc/inc/services.inc on line 1597
    – pfSense updater: /etc/inc/pfsense-utils.inc on line 1639

    Any solutions? Of course I want the heartbleed bug fixed, but I can’t use my router like this.

  43. Lee Marzke Says:

    I upgraded 2.1Beta to 2.1-Release and that broke IP6 tunneling. The new 2.1.2 release fixed the tunnel ( to HE) but all my http virtual domains were broken and served by the default domain on apache. I was testing this internally , so maybe only NAT reflection was broken. I reverted back to 2.1-release, maybe I’ll test externally later.

    Anyone having virt domain issues on 2.1.2 ?

  44. pfSense2User Says:

    The beta version of DansGuardian won’t work, and tried installing the older one, and worked for 2 reboots and died.

  45. sno Says:

    Thanks – updated both systems and working fine.

  46. tcat Says:

    Updated from 2.1 to 2.1.2 on 3 gateways this AM. All went extremely well! Thank you for this great product, support, and ongoing updates!

  47. Thankful Says:

    Thanks for the GREAT work!! Very impressed with the system and the speed of updates addressing security.

  48. sag Says:

    as usual, you stay the best !!!
    Thakns for this job !
    Nice work

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply