2.4.2 New Features and Changes

From pfSense Documentation
Revision as of 16:22, 10 November 2017 by Jimp (talk | contribs) (Created page with "Category:FAQCategory:Releases {{Warn|center|100|This version is still under development. The contents of this page may change at any time.}} =Security / Errata= * Fix...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Important30.png WARNING Important30.png
This version is still under development. The contents of this page may change at any time.

Security / Errata

  • Fixed a potential XSS vector in status_monitoring.php #8037
  • Fixed a potential XSS vector on index.php via widget sequence parameters #8000
  • Fixed a potential XSS in the widgetkey parameter of multi-instance dashboard widgets #7998

Known Issues


  • Fixed PPP interfaces with a VLAN parent when using the new VLAN names #7981
  • Fixed issues with QinQ interfaces failing to show as active #7942
  • Fixed a panic/crash when disabling a LAGG interface #7940
  • Fixed issues with LAGG interfaces losing their MAC address #7928
  • Fixed a crash in radvd on SG-3100 (ARM) #8022
  • Fixed an issue with UDP packet drops on SG-1000 #7426
  • Added an interface to manage the buil-tin switch on the SG-3100

Operating System

  • Fixed issues resulting from having a manually configured filesystem layout with a separate /usr slice #8065
  • Fixed issues updating ZFS systems created ZFS using an MBR partition scheme (empty /boot due to bootpool not being imported) #8063
  • Fixed issues with BGP sessions utilizing MD5 TCP signatures in routing daemon packages #7969
  • Updated dpinger to 3.0
  • Enhanced the update repository selection choices and methods


  • Fixed invalid entries in /etc/ssl/openssl.cnf (only affected non-standard usage of openssl in the cli/shell) #8059
  • Fixed LDAP authentication when the server uses a globally trusted root CA (new CA selection for "Global Root CA List") #8044
  • Fixed issues creating a certificate with a wildcard CN/SAN #7994
  • Added validation to the Certificate Manager to prevent importing a non-certificate authority certificate into the CA tab #7885


  • Fixed a problem using IPsec CA certificates when the subject contains multiple RDNs of the same type #7929
  • Fixed an issue with enabling IPsec mobile client support in translated languages #8043
  • Fixed issues with IPsec status display/output, including multiple entries (one disconnected, one connected) #8003
  • Fixed display of multiple connected mobile IPsec clients #7856
  • Fixed display of child SA entries #7856

Traffic Shaping

  • Fixed an error when configuring a limiter over 2Gb/s (new max is 4Gb/s) #7979
  • Fixed issues with bridge network interfaces not supporting ALTQ #7936
  • Fixed issues with vtnet network interfaces not supporting ALTQ #7594
  • Fixed an issue with Status > Queues failing to display statistics for VLAN interfaces #8007
  • Fixed an issue with traffic shaping queues not allowing the total of all child queues to be 100% #7786


  • Fixed selection of IPv6 gateways when creating a new firewall rule #8053
  • Fixed errors on the Port Forward configuration page resulting from stale/non-pfSense cookie/query data #8039
  • Fixed setting VLAN Priority via firewall rules #7973


  • Fixed a problem with XMLRPC synchronization when the synchronization user has a password containing spaces #8032
  • Fixed XMLRPC Issues with Captive Portal vouchers #8079


  • Added an option to disable HSTS for the GUI web server #6650
  • Changed the GUI web service to block direct download of .inc files #8005
  • Fixed sorting of Services on the dashboard widget and Services Status page #8069
  • Fixed display of available updates on the Installed Packages Dashboard widget #8035
  • Fixed an input issue where static IPv6 entries allowed invalid input for address fields #8024
  • Fixed a JavaScript syntax error in traffic graphs when invalid data is encountered (e.g. user was logged out or session cleared) #7990
  • Fixed a font issue in the Support Dashboard widget #7980
  • Fixed sampling errors in Traffic Graphs #7966
  • Fixed a JavaScript error on Status > Monitoring #7961
  • Fixed a display issue with empty tables on Internet Explorer 11 #7978


  • Fixed display of packages which have been removed from the repository in the Package Manager #7946
  • Fixed an issue displaying locally installed packages when the remote package repository is unavailable #7917


  • Fixed interface binding in ntpd so it does not erroneously listen on all interfaces #8046
  • Fixed a problem where restarting the syslogd service would make sshlockout_pf process orphans #7984
  • Added support for the ClouDNS dynamic DNS provider #7823
  • Fixed an issue in the User and Group Manager pages when operating on entries immediately after deleting an entry #7733
  • Changed the setup wizard so it skips interface configuration when run on an AWS EC2 Instance #6459