2.3.1 New Features and Changes

From PFSenseDocs
Jump to: navigation, search

Security/Errata

Config Upgrade

  • Fixed config upgrade for CARP VIPs on gateway groups, GRE and gif for uniqid format. #6222
  • Fixed config upgrade for IP aliases with CARP IP parent. #6164
  • Correct OpenVPN topology config upgrade to retain 2.2.x and prior net30 topology. #6140
  • Correct and adjust apinger parameters to dpinger parameters automatically on upgrade. #6142

Gateways

  • Fix static route for IPv6 monitor IP with link-local gateway. #6353
  • Fix default gateway switching with IPv6 and link-local gateways. #6258

OS / Backend

  • NanoBSD is now permanent read-write, to avoid issues with slow rw->ro mount times and systems getting stuck read-only mounted. #6184
  • Systems using a RAM disk for /var/ have their alias tables backed up and restored during bootup. #6189
  • Set console settings (serial configuration, password protection, etc.) post-upgrade. #6120
  • Ensure package repo is updated with latest metadata when checking for latest version. #6115
  • Display consistent firmware version on dashboard and in update checker. #6320
  • Correct description of update branch options. #6136
  • Prevent update checking failures from killing webGUI. #6177
  • Make pkg use configured proxy server settings where they exist. #6149

Web GUI

  • Fix row delete button on unsaved aliases, NTP, UPnP and other screens. #6101
  • Captive portal MAC passthrough credits waiting period box restored. #6290
  • Outbound NAT edit screen destination field alias auto-completion restored. #6287
  • Captive portal allowed IPs direction selection on edit fixed. #6267
  • Restored input validation on port forwards to prohibit IPv6. #6265
  • Restored input validation on firewall rules to prohibit IPv6 IPs in IPv4 rules and vice versa. #6211
  • Fixed PHP error on edit of PPP interfaces. #6264
  • Fixed radio button placement on gateways dashboard widget settings. #6259
  • Fixed display post-refresh of system information dashboard widget. #6251
  • Restored in/out bytes counters on Status>Interfaces. #6244
  • Correctly show and hide OpenVPN topology field as applicable. #6236 #6214
  • Correct voucher character set input validation. #6231
  • Disable background update checking on dashboard update check is disabled. #6212
  • Restore input validation of IP address family and rule type, verifying IPv6 IPs with IPv6 rules, and IPv4 for IPv4 rules. #6218
  • Add validation of address family and protocol combinations on packet capture page. #6219
  • Add validation of IP aliases with CARP parent interfaces to ensure matching address family. #6218
  • Restore GET parameters on status_graph.php. #6192
  • Fixed PHP error on input validation failure with floating rules in some cases. #6175
  • Use CDATA for firewall rule separator descriptions so non-English characters work. #6174
  • Fix port forward edit destination field filling when virtual IPs configured. #6173
  • Fix load balancer monitor edit. #6171
  • Restore "none" in load balancer fall-back pool. #6170
  • Restore use of aliases in load balancer. #6169
  • Fix duplicate for load balancer pools and virtual servers. #6168
  • Restore description field on lagg edit page. #6163
  • Fix saving of bogons update frequency. #6162
  • Restore description field on captive portal IP passthrough. #6161
  • Fix saving of sticky connections timeout field. #6146
  • Show all restore areas in backup/restore screen. #6144
  • Fix moving of rule separator before saving. #6128
  • Use consistent up and down arrow formats on dashboard widgets. #6123
  • Fix typo on OpenVPN server description. #6102
  • Fix missing string on notification "mark as read" button. #6104
  • Fix firewall rule separator positioning with easy rule addition. #6105
  • Prevent closing of info box on monitoring page. #6106
  • Add custom date range option to monitoring page.
  • Use infoblock on IPsec PSK screen. #6107
  • Fixed loss of "Do not NAT" enable on edit on outbound NAT. #6112
  • Correct label of 1:1 NAT edit screen. #6114
  • Add AJAX updates to NTP status page. #6117
  • Fix button spacing on Edit File and Command pages. #5995
  • Fix specification of port in DNS Resolver domain overrides. #6091
  • Fix moving of multiple items to bottom of list on firewall, NAT and IPsec screens. #6092
  • Fix setup wizard with only WAN assigned and using static IP. #6093
  • Remove logo from wizard since it's now redundant. #6095
  • Fix gateway widget cut-off with 3 column dashboard. #6096
  • Fixed force update on RFC 2136 DDNS. https://redmine.pfsense.org/issues/6359
  • Fix reboot prompt when changing RAM disk setting and encountering an input error. #6349
  • Fix highlighted tab when editing IPsec mobile P1. #6341
  • Fix selection of configured speed and duplex on interface page. #6331
  • Fix division by zero in status_queues.php. #6329
  • Fix alignment issues in forms. #6327
  • Fix entry of CIDR range in host aliases for conversion to IPs. #6322
  • Allow use of # and ! again in DNS Forwarder domain overrides. #6310
  • Restored hostname infobox in menu bar. #6306
  • Fixed editing and deleting of additional DHCP pools. #6303
  • Fixed requests to diag_system_activity.php piling up on slow systems. #6166

Interfaces

  • Unset LAN DHCPv6/RA configuration if LAN interface is removed. #6152

IPsec

  • Fix starting of strongswan twice. #6160

DNS Resolver

  • Switched domain overrides from stub-zone to forward-zone so domain overrides don't require the target server provide recursion. #6065
  • Allow adding 0.0.0.0/0 to access lists. #6073
  • Added 100,000 and 200,000 options for Unbound cache limit. #6230
  • Fix Unbound startup where both DNS Forwarder and Resolver are enabled. #6354

DHCP Server

  • Hostnames now allowed for NTP servers. #6239

IPsec

  • Fixed LAN interfaces stopping functioning when IPsec is in use. #6296
  • Mobile PSK matching issue with multiple PSKs fixed. #6286
  • leftsendcert=always specified for all RSA types. #6082
  • rc.newipsecdns fixed to check correct enabled status. #6351

Notifications

  • Fixed growl notifications to unresolvable hostname generating crash report. #6187
  • Fixed growl notification test with no password. #6221

Captive Portal

  • Fixed error handling captive portal username with single quote. #6203
  • Fixed issues with mixed-case zone names. #6278

OpenVPN

  • Prevent leading space in tunnel network configuration causing invalid configuration. #6198

User Manager

  • Fix RADIUS login with attribute class (25) when the server returns multiple attribute entries with different data. #6086
  • Honor deny config write for RADIUS users. #6088

Package System

  • Uninstall all packages pre-upgrade from <= 2.2.x to 2.3 to avoid problems from old packages. Reinstall them post-upgrade. #6137
  • Fix reinstall of renamed packages post-upgrade to 2.3. #6118
  • Fix package reinstallation getting stuck in loop when there is no Internet connectivity post-upgrade. #6180

Other

  • Removed lua support from nginx to not deprecate old CPUs lacking CMOV support. #6185
  • Added validation to console menu interface assignment to prevent creating duplicate VLANs. #6183
  • Blacklisted S.M.A.R.T. options with Hyper-V to prevent crash. #6147
  • Silence SSH host key log spam. #6143
  • Fix order of gateway and gateway group name in gateway down log message. #6134
  • Allow use of @ in hostname field for Namecheap DDNS. #6122
  • Fix console error where $nat_if_list isn't an array. #6307
  • Include patch number in version display. #6309
  • Fix pw groupdel error in log during boot. #6352
  • Fixed stale xmlrpc.lock preventing config sync from functioning. #6328
  • Fixed failed chown on startup with /var as a RAM disk. #6131
  • Crash reporter now ignores warnings in release versions. #6178
  • Fixed crash reporter to show full PHP warnings in development versions. #6097

Update 1

2.3.1 update 1 (2.3.1_1) was released on May 25, 2016 with the following fixes/changes since 2.3.1-RELEASE.

  • Security issue pfSense-SA-16_05.webgui patched.
  • Lowered default LDAP timeout from 25 seconds to 5 seconds. #6367
  • Fixed handling of IPsec negotiation mode with IKE version set to auto. #6360
  • Increase PHP's memory limit to 512 MB on 64 bit versions to better accommodate systems with a large number of active states. #6364
  • Set request_terminate_timeout the same as max_execution_time to prevent many possible circumstances of "504 gateway error" from occurring. #6396
  • Fix use of URL IP type aliases in firewall rules. #6403
  • Fix show/hide fields Javascript in Chrome on Mac OS X. #6401
  • Fixed save of "IPv6 over IPv4 Tunneling" address on System>Advanced, Networking. #6381

Update 2 through 4

These were internal-only versions that weren't publicly-released.

Update 5

2.3.1 update 5 (2.3.1_5) was released on June 16, 2016 with the following fixes/changes since 2.3.1_1.

  • Fixed command injection vulnerability in auth.inc via User Manager. #6475
  • Fixed command injection vulnerability in pkg_mgr_install.php id parameter. #6474
  • Upgraded PHP to 5.6.22
  • Fixed Captive Portal redirect hangs caused by longer keepalive_timeout in nginx. #6421
  • Fixed DDNS PTR zone in dhcpd.conf with third octet of 0. #6413
  • Fixed save and reset buttons on load balancer status page. #6254
  • Fixed schedule editing on firewall rules page. #6428
  • Allow "-" character in TFTP server field on DHCP Server page. #6433
  • Allow "-" and "_" characters in system tunables. #6438
  • Fixed changing of link type on PPPs edit screen. #6439
  • Fixed setting of "RADIUS issued IPs" on L2TP page. #6440
  • Restored apply changes button for interface mismatch post-config restore. #6460
  • Fixed display of Outbound NAT port aliases. #6463
  • Fixed schedule edit allowing invalid time range. #6468