Software-update: pfSense Plus 26.03.1

Netgate heeft versie 26.03.1 van pfSense Plus uitgebracht. Dit pakket is gebaseerd op het besturingssysteem FreeBSD en richt zich op router- en firewalltaken. Het is verkrijgbaar in de gratis Community Edition en een Plus-uitvoering, die voorheen als Factory Edition werd aangeboden. De Plus-uitvoering draait op de hardware die Netgate aanbiedt, als virtuele machine in AWS of Azure. In tegenstelling tot de Community Edition is het echter geen open source.

Het is in 2004 begonnen als een afsplitsing van m0n0wall vanwege verschillende visies bij de ontwikkelaars en in de loop van de jaren uitgegroeid tot een router- en firewallpakket dat in zowel kleine als zeer grote omgevingen kan worden ingezet. Voor meer informatie verwijzen we naar deze pagina. De changelog voor deze uitgave ziet er als volgt uit:

Security/Errata

This release contains several security fixes, some of which were previously released via the Recommended System Patches feature of the System Patches Package.

• pfSense-SA-26_03.webgui - Potential Stored XSS in diag_arp.php when using ISC DHCP #16763
• pfSense-SA-26_04.webgui - Potential XSS in RSS Widget feed content post titles #16770
• pfSense-SA-26_05.webgui - Potential XSS in Captive Portal widget #16773
• Several security and errata fixes were merged from FreeBSD, including fixes for vulnerabilities discovered in the DHCP client.
• Several base system packages were updated to address various upstream security issues.

pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

• Changed: Increase amount of system alias content printed in alias list #16118

Authentication

• Fixed: LDAP shell authentication does not honor configured group DN restriction #16799

Captive Portal

• Fixed: Captive Portal authentication messages are not logged #16818
• Fixed: Potential XSS in Captive Portal widget #16773

Configuration Upgrade

• Fixed: Configuration upgrades fail to properly upgrade firewall rules for revisions 10.6 and 10.8 #16840

Console Menu

• Fixed: Repeatedly attempting to cancel console menu operations with Ctrl-C can drop the user into the password change flow #16782

Dashboard

• Fixed: Potential XSS in RSS Widget feed content post titles #16770

Diagnostics

• Fixed: Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

Dynamic DNS

• Added: Log errors when determining the RFC2136 update source address #16819

IPsec

• Fixed: IPsec daemon can crash if a peer initiates two rekeys for the same child SA #16836

OpenVPN

• Fixed: Automatically generated vpn_networks table is missing OpenVPN networks #16795
• Fixed: All OpenVPN instances are restarted when applying changes to any assigned interface #16815

Operating System

• Fixed: Kernel panic due to race condition on a bpf device #16790

PHP Interpreter

• Fixed: NULL bytes in an IP address can trigger PHP errors from ip2long() #16771

Rules / NAT

• Added: Add MAP-E port set (PSID) support to manual outbound NAT rules #11901
• Fixed: Firewall rule source option This Firewall (self) is not available when duplicating floating rules #16729

User Manager / Privileges

• Fixed: Creating a new user ignores certificate checkbox value if the certificate fields are populated #16721

Wake on LAN

• Fixed: Links to send WOL packets are not handled consistently, may fail to send #16803