Main container

Posts Tagged ‘releases’

pfSense 2.3.2-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.2!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.

This release includes fixes for 60 bugs, 8 features and 2 todo items completed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Upgrade Considerations

As always, you can upgrade from any prior version directly to 2.3.2. The Upgrade Guide covers everything you’ll need to know for upgrading in general.  There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.

For those upgrading from a 2.3 beta or RC version who have not yet upgraded to 2.3-RELEASE, please see this post.

Known Regressions

While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:

  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

Packages

Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed.  We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details.  pfSense 2.3.2 does bring back ntopng, and the vnstat (traffic totals) package is new.

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on Github. 2.3.2-RELEASE is built from the RELENG_2_3_2 branch of each repository.

Main repository – the web GUI, back end configuration code, and build tools.
FreeBSD source – the source code, with patches of the FreeBSD 10.3 base.
FreeBSD ports – the FreeBSD ports used.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support our customers and the community. You can support our efforts via one or more of the following.

  • pfSense Store –  official hardware, apparel and pre-loaded USB sticks direct from the source.  Our pre-installed appliances are the fast, easy way to get up and running with a fully-optimized system. All are now shipping with 2.3 release installed.
  • Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members area.
  • Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.

pfSense 2.3.1-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.1!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes, two security fixes in the GUI, as well as security fixes for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg. The full list of changes is on the 2.3.1 New Features and Changes page.

This release includes a total of 103 bug fixes. 79 regressions in 2.3 have been fixed, mostly minor issues in the new GUI. Several of these are significant issues, and have resolved nearly all the post-upgrade problems encountered in 2.3-RELEASE. 24 issues affecting 2.2.x and prior versions have also been fixed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

Read the rest of this entry »

pfSense 2.3-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3!

The most significant changes in this release are a rewrite of the webGUI utilizing Bootstrap, and the underlying system, including the base system and kernel, being converted entirely to FreeBSD pkg. The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.  The webGUI rewrite brings a new responsive look and feel to pfSense requiring a minimum of resizing or scrolling on  a wide range of devices from desktop to mobile phones.

For the highlights, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

The full list of changes is on the 2.3 New Features and Changes page.

To get to a release, we’ve closed 760 total tickets.  While the majority of these were related to the Bootstrap conversion, 137 are fixed bugs impacting 2.2.6 and earlier releases.

Read the rest of this entry »

2.2.6-RELEASE Now Available!

pfSense® software version 2.2.6 is now available. This release includes a few bug fixes and security updates.

Security Fixes and Errata

Bug Fixes and Change List

The bug fixes and changes in this release are detailed here.

Read the rest of this entry »

2.2.5-RELEASE Now Available!

pfSense® software version 2.2.5 is now available. This release includes a number of bug fixes and some security updates.

Today is also the 11 year birthday of the project. While work started in late summer 2004, the domains were registered and the project made public on November 5, 2004. Thanks to everyone that has helped make the project a great success for 11 years. Things just keep getting better, and the best is yet to come.

Read the rest of this entry »

2.2.4-RELEASE Now Available!

pfSense® software version 2.2.4 release is now available, bringing a number of bug fixes and some security updates.

Security Fixes and Errata

  • pfSense-SA-15_07.webgui: Multiple Stored XSS Vulnerabilities in the pfSense WebGUI
    • The complete list of affected pages and fields is listed in the linked SA.
  • FreeBSD-SA-15:13.tcp: Resource exhaustion due to sessions stuck in LAST_ACK state. Note this only applies to scenarios where ports listening on pfSense itself (not things passed through via NAT, routing or bridging) are opened to untrusted networks. This doesn’t apply to the default configuration.
  • Note: FreeBSD-SA-15:13.openssl does not apply to pfSense. pfSense did not include a vulnerable version of OpenSSL, and thus was not vulnerable.
  • Further fixes for file corruption in various cases during an unclean shut down (crash, power loss, etc.). #4523
    • Fixed pw in FreeBSD to address passwd/group corruption
    • Fixed config.xml writing to use fsync properly to avoid cases when it could end up empty. #4803
    • Removed the ‘sync’ option from filesystems for new full installs and full upgrades now that the real fix is in place.
    • Removed softupdates and journaling (AKA SU+J) from NanoBSD, they remain on full installs. #4822
  • The forcesync patch for #2401 is still considered harmful to the filesystem and has been kept out. As such, there may be some noticeable slowness with NanoBSD on certain slower disks, especially CF cards and to a lesser extent, SD cards. If this is a problem, the filesystem may be kept read-write on a permanent basis using the option on Diagnostics > NanoBSD. With the other above changes, risk is minimal. We advise replacing the affected CF/SD media by a new, faster card as soon as possible. #4822
  • Upgraded PHP to 5.5.27 to address CVE-2015-3152 #4832
  • Lowered SSH LoginGraceTime from 2 minutes to 30 seconds to mitigate the impact of MaxAuthTries bypass bug. Note Sshlockout will lock out offending IPs in all past, current and future versions. #4875

Bug Fixes and Change List

The bug fixes and changes in this release are detailed here.

Upgrade Guidance

As always, you can upgrade from any previous version straight to 2.2.4. For those already running any 2.2x version, this is a low risk upgrade. This is a high priority upgrade for those using IPsec on 2.2x versions. For those on 2.1.x or earlier versions, there are a number of significant changes which may impact you. Pay close attention to the 2.2 Upgrade Notes for the details.

Download

Downloads are available on the mirrors as usual.

Downloads for New Installs and Upgrades to Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.

Supporting the Project

Our efforts are made possible by the support of the community. We encourage you to contribute to the cause via one or more of the following.

2.2.3-RELEASE Now Available!

pfSense® software version 2.2.3 release is now available, bringing a number of bug fixes and some security updates.

Security Fixes

  • pfSense-SA-15_06.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI
    • The complete list of affected pages and fields is large and all are listed in the linked SA.
  • FreeBSD-SA-15:10.openssl: Multiple OpenSSL vulnerabilities (Including Logjam): CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000

Bug Fixes and Change List

The bug fixes and changes in this release are detailed here.

Read the rest of this entry »

2.2.2-RELEASE Now Available!

pfSense® software version 2.2.2 release is now available, bringing a number of bug fixes and a couple low-risk security updates that don’t apply to most users.

Security Fixes

This release includes two low-risk security updates.

  • FreeBSD-SA-15:09.ipv6: Denial of Service with IPv6 Router Advertisements. Where a system is using DHCPv6 WAN type, devices on the same broadcast domain as that WAN can send crafted packets causing the system to lose IPv6 Internet connectivity.
  • FreeBSD-SA-15:06.openssl: Multiple OpenSSL vulnerabilities. Most aren’t applicable, and worst impact is denial of service.

Bug Fixes and Change List

The bug fixes and changes in this release are detailed here.

Read the rest of this entry »

2.2.1 RELEASE Now Available

pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.

Security Fixes

A note on the OpenSSL “FREAK” vulnerability:

  • Does not affect the web server configuration on the firewall as it does not have export ciphers enabled.
  • pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
  • If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.

Read the rest of this entry »

pfSense 2.2-RELEASE Now Available!

I’m happy to announce the release of pfSense® software version 2.2! This release brings improvements in performance and hardware support from the FreeBSD 10.1 base, as well as enhancements we’ve added such as AES-GCM with AES-NI acceleration, among a number of other new features and bug fixes. Jim Thompson posted an overview of the significant changes previously.

In the process of reaching release, we’ve closed out 392 total tickets (this number includes 55 features or tasks), fixed 135 bugs affecting 2.1.5 and prior versions, fixed another 202 bugs introduced in 2.2 by advancing the base OS version from FreeBSD 8.3 to 10.1, changing IPsec keying daemons from racoon to strongSwan, upgrading the PHP backend to version 5.5 and switching it from FastCGI to PHP-FPM, and adding the Unbound DNS Resolver, and many smaller changes.

Read the rest of this entry »