pfSense® 2.1.4 release notes

Version 2.1.4 follows shortly after 2.1.3 and is primarily a security release.
Refer to the 2.1.1 release notes for the changes from 2.1 to 2.1.1, and to the 2.1.2 release notes for the changes from 2.1.1 to 2.1.3.

Security updates

Some add-on packages will need to be updated because they are affected by bugs. During the firmware upgrade process the packages will be reinstalled correctly. Otherwise, uninstall and reinstall the packages to ensure that the latest version of the binaries is in use.

Other fixes

  • Patch for Captive Portal pipeno leaking issue which leads to the ‘Maximum login reached’ on Captive Portal.
  • Remove text not relevant to Allowed IPs on the Captive Portal.
  • Remove units from burst as it is always specified in bytes. (Per ipfw(8)).
  • Add column for internal port on UPnP status page.
  • Make listening on interface rather than IP optional for UPnP.
  • Fix highlighting of selected rules.
  • Add guiconfig to widgets not including it.
  • /etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the version for XMLRPC check instead.
  • Fix variable typo.
  • Delete all IP Aliases when an interface is disabled.
  • Properly handle RRD archive rename during upgrade and squelch errors if it fails.
  • Convert protocol ssl:// to https:// when creating HTTP headers for XMLRPC.
  • Show disabled interfaces when they were already part of an interface group. This avoids showing a random interface instead and letting the user add it by mistake.
  • The client-config-dir directive for OpenVPN is also useful when using OpenVPN’s internal DHCP while bridging, so add it in that case also.
  • Use curl instead of fetch to download update files.
  • Escape variable before passing to shell from stop_service().
  • Add some protection to parameters that come through _GET in service management.
  • Escape argument on call to is_process_running, also remove some unnecessary mwexec() calls.
  • Do not allow interface group name to be bigger than 15 chars.
  • Be more precise to match members of a bridge interface, it should fix
  • Do not expire already disabled users, it fixes
  • Validate starttime and stoptime format on firewall_schedule_edit.php
  • Be more careful with host parameter on diag_dns.php and make sure it’s escaped when calling shell functions
  • Escape parameters passed to shell_exec() in diag_smart.php and elsewhere
  • Make sure variables are escaped/sanitized on status_rrd_graph_img.php
  • Replace exec calls to run rm by unlink_if_exists() on status_rrd_graph_img.php
  • Replace all `hostname` calls by php_uname('n') on status_rrd_graph_img.php
  • Replace all `date` calls by strftime() on status_rrd_graph_img.php
  • Add $_gb to collect possible garbage from exec return on status_rrd_graph_img.php
  • Avoid directory traversal in pkg_edit.php when reading package xml files, also check if file exists before trying to read it
  • Remove id=0 from miniupnpd menu and shortcut
  • Remove . and / from pkg name to avoid directory traversal in pkg_mgr_install.php
  • Fix core dump on viewing invalid package log
  • Avoid directory traversal on system_firmware_restorefullbackup.php
  • Re-generate session ID on a successful login to avoid session fixation
  • Protect rssfeed parameters with htmlspecialchars() in rss.widget.php
  • Protect servicestatusfilter parameter with htmlspecialchars() in services_status.widget.php
  • Always set httponly attribute on cookies
  • Set ‘Disable webConfigurator login autocomplete’ as on by default for new installs
  • Simplify logic, add some protection to user input parameters on log.widget.php
  • Make sure single quotes are encoded and avoid javascript injection on exec.php
  • Add missing NAT protocols on firewall_nat_edit.php
  • Remove extra data after space in DSCP and fix pf rule syntax.
  • Only include a scheduled rule if it is strictly before the end time.
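
The two recurring hardening patterns in the list above (stripping `.` and `/` from a package name and checking that a package XML file exists before reading it, and escaping a user-supplied host before it reaches a shell) are sketched below as an added example. This is not pfSense source code: the function names, the demo directory and the `/usr/bin/host` command are assumptions chosen for illustration.

```php
<?php
// Added illustration, not pfSense source. All names and paths are hypothetical.

// Strip "." and "/" from a package name so it cannot form "../" or an
// absolute path when it is later joined into a filesystem path.
function sanitize_pkg_name(string $name): string
{
    return str_replace(array('.', '/'), '', $name);
}

// Resolve a package XML file inside $base_dir. Returns null when the file
// does not exist or when the resolved path falls outside $base_dir.
function pkg_xml_path(string $base_dir, string $xml): ?string
{
    $base = realpath($base_dir);
    // basename() discards any directory components supplied by the caller.
    $real = realpath($base_dir . '/' . basename($xml));
    if ($base === false || $real === false) {
        return null; // directory or file is missing
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // e.g. a symlink pointing outside the base directory
    }
    return $real;
}

// Build a shell command with the host quoted as a single argument, so shell
// metacharacters in the parameter are passed as data and not interpreted.
function dns_lookup_cmd(string $host): string
{
    return '/usr/bin/host -t A ' . escapeshellarg($host);
}

// Constructed sample inputs for a stand-alone run.
$base = sys_get_temp_dir() . '/pkg_demo';
@mkdir($base);
file_put_contents($base . '/squid.xml', '<packagegui/>');

var_dump(sanitize_pkg_name('../../tmp/evil'));      // separators and dots removed
var_dump(pkg_xml_path($base, 'squid.xml'));         // path inside the demo directory
var_dump(pkg_xml_path($base, '../../etc/passwd'));  // no such file in the demo directory
var_dump(dns_lookup_cmd('example.com; id'));        // host stays one quoted argument
```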

This document was taken from the pfSense® site, and the original can be found
at this address.