La release Open Source di Pfsense® 2.4.2 è ora disponibile e pronta per il download. Qui di seguito, potete analizzare le caratteristiche salienti.
Qualora decidiate di utilizzarla, potete riportare la vostra esperienza sul forum di pfSense®
Security / Errata
- Aggiornato a OpenSSL 1.0.2m per indirizzare CVE-2017-3736 e CVE-2017-3735
- FreeBSD-SA-17: 10.kldstat
- FreeBSD-SA-17: 08.ptrace
- Risolto un potenziale vettore XSS in status_monitoring.php # 8037 pfSense-SA-17_07.packages.asc
- Risolto un potenziale vettore XSS in diag_dns.php # 7999 pfSense-SA-17_08.webgui.asc
- Risolto un potenziale vettore XSS su index.php tramite i parametri della sequenza del widget # 8000 pfSense-SA-17_09.webgui.asc
- Risolto un potenziale XSS nel parametro widgetkey di widget cruscotto multi-istanza # 7998 pfSense-SA-17_09.webgui.asc
- Risolto un potenziale problema di clickjacking nella pagina degli errori CSRF
Interfaces
- Fixed PPP interfaces with a VLAN parent when using the new VLAN names #7981
- Fixed issues with QinQ interfaces failing to show as active #7942
- Fixed a panic/crash when disabling a LAGG interface #7940
- Fixed issues with LAGG interfaces losing their MAC address #7928
- Fixed a crash in radvd on SG-3100 (ARM) #8022
- Fixed an issue with UDP packet drops on SG-1000 #7426
- Added an interface to manage the built-in switch on the SG-3100
- Trimmed more characters off the interface description to avoid console menu output line wrapping on a VGA console
- Fixed handling of the VIP uniqueid parameter when changing VIP types
- Fixed PPP link parameter field display when a VLAN parent interface was selected #8098
Operating System
- Fixed issues resulting from having a manually configured filesystem layout with a separate /usr slice #8065
- Fixed issues updating ZFS systems created ZFS using an MBR partition scheme (empty /boot due to bootpool not being imported) #8063
- Fixed issues with BGP sessions utilizing MD5 TCP signatures in routing daemon packages#7969
- Updated dpinger to 3.0
- Enhanced the update repository selection choices and methods
- Updated the system tunables that tell the OS not harvest data from interrupts, point-to-point interfaces and Ethernet devices to reflect the new name/format for FreeBSD 11
- Changed ruleset processing so that it retries if another process is in the middle of an update, rather than presenting an error to the user
- Fixed some UEFI boot issues on various platforms
Certificates
- Fixed invalid entries in /etc/ssl/openssl.cnf (only affected non-standard usage of openssl in the cli/shell) #8059
- Fixed LDAP authentication when the server uses a globally trusted root CA (new CA selection for “Global Root CA List”) #8044
- Fixed issues creating a certificate with a wildcard CN/SAN #7994
- Added validation to the Certificate Manager to prevent importing a non-certificate authority certificate into the CA tab #7885
IPsec
- Fixed a problem using IPsec CA certificates when the subject contains multiple RDNs of the same type #7929
- Fixed an issue with enabling IPsec mobile client support in translated languages #8043
- Fixed issues with IPsec status display/output, including multiple entries (one disconnected, one connected) #8003
- Fixed display of multiple connected mobile IPsec clients #7856
- Fixed display of child SA entries #7856
OpenVPN
Traffic Shaping
- Fixed an error when configuring a limiter over 2Gb/s (new max is 4Gb/s) #7979
- Fixed issues with bridge network interfaces not supporting ALTQ #7936
- Fixed issues with vtnet network interfaces not supporting ALTQ #7594
- Fixed an issue with Status > Queues failing to display statistics for VLAN interfaces #8007
- Fixed an issue with traffic shaping queues not allowing the total of all child queues to be 100%#7786
- Fixed an issue with limiters given invalid fractional/non-integer values from limiter entries or passed to Captive Portal from RADIUS #8097
Rules/NAT
XMLRPC
WebGUI
- Added an option to disable HSTS for the GUI web server #6650
- Changed the GUI web service to block direct download of .inc files #8005
- Fixed sorting of Services on the dashboard widget and Services Status page #8069
- Fixed an input issue where static IPv6 entries allowed invalid input for address fields #8024
- Fixed a JavaScript syntax error in traffic graphs when invalid data is encountered (e.g. user was logged out or session cleared) #7990
- Fixed sampling errors in Traffic Graphs #7966
- Fixed a JavaScript error on Status > Monitoring #7961
- Fixed a display issue with empty tables on Internet Explorer 11 #7978
- Changed configuration processing to use an exception rather than die() when it detects a corrupted configuration
- Added filtering to the pfTop page
- Added a means for packages to display a modal to the user (e.g. reboot required before package can be used)
Dashboard
- Fixed display of available updates on the Installed Packages Dashboard widget #8035
- Fixed a font issue in the Support Dashboard widget #7980
- Fixed formatting of disk slices/partitions in the System Information Dashboard widget
- Fixed an issue with the Pictures widget when there is no valid picture saved #7896
Packages
Misc
- Fixed interface binding in ntpd so it does not erroneously listen on all interfaces #8046
- Fixed a problem where restarting the syslogd service would make sshlockout_pf process orphans #7984
- Added support for the ClouDNS dynamic DNS provider #7823
- Fixed an issue in the User and Group Manager pages when operating on entries immediately after deleting an entry #7733
- Changed the setup wizard so it skips interface configuration when run on an AWS EC2 Instance#6459
- Fixed an IGMP Proxy issue with All-multicast mode on SG-1000 #7710
- pfSense® CE 2.5.0 Beta
- pfSense® CE 2.4.3: note di rilascio
- pfSense® CE 2.4.2: note di rilascio
- pfSense® CE 2.4.1: note di rilascio
- pfSense® CE 2.4: note di rilascio
- pfSense® CE 2.3.3: note di rilascio
- pfSense® CE 2.3.2: note di rilascio
- pfSense® CE 2.3.1: note di rilascio
- pfSense® CE 2.3: note di rilascio
- pfSense® CE 2.2.5: note di rilascio
- pfSense® CE 2.2: note di rilascio
- pfSense® CE 2.1.5: note di rilascio
- pfSense® CE 2.1.4: note di rilascio
- pfSense® CE 2.1.3: note di rilascio
- pfSense® CE 2.1.2: note di rilascio
- pfSense® CE 2.1.1: note di rilascio
- pfSense® CE 2.1: note di rilascio
- pfSense® CE 2.0.3: note di rilascio
- pfSense® CE 2.0.2: note di rilascio
- pfSense® CE 2.0.1: note di rilascio
- Caratteristiche principali