2.3.2-p1 New Features and Changes

2.3.2 Update 1

  • FreeBSD-SA-16:26.openssl - Multiple vulnerabilities in OpenSSL. The only significant impact on pfSense is OCSP for HAproxy and FreeRADIUS.

  • Several HyperV-related Errata in FreeBSD 10.3, FreeBSD-EN-16:10 through 16:16. See https://www.freebsd.org/relnotes/10-STABLE/errata/errata.html for details.

  • Several built-in packages and libraries have been updated, including:

    • PHP to 5.6.26

    • libidn to 1.33

    • curl to 7.50.3

    • libxml2 to 2.9.4

  • The hardware serial number is now displayed in the system information widget, or a host UUID if a serial number is not found. This is for display purposes and facilitates users seeking support in identifying their hardware.

  • Added encoding to the ‘zone’ parameter on Captive Portal pages.

  • Added output encoding to diag_dns.php for results returned from DNS. #6737

  • Worked around a Chrome bug with regular expression parsing of escaped characters within character sets. Fixes “Please match the requested format” on recent Chrome versions. #6762

  • Fixed DHCPv6 server time format option #6640

  • Fixed /usr/bin/install missing from new installations. #6643

  • Increased filtering tail limit for logging so searching will locate sufficient entries. #6652

  • Cleaned up Installed Packages widget and HTML. #6601

  • Fixed widget settings corruption when creating new settings. #6669

  • Fixed various typos and wording errors.

  • Removed defunct links to the devwiki site. Everything is on https://www.netgate.com/docs/pfsense/ now.

  • Added a field to CA/Cert pages for OU, which is required by some external CAs and users. #6672

  • Fixed a redundant HTTP “User-Agent” string in DynDNS updates.

  • Fixed the font for sortable tables.

  • Added a check to verify if an interface is active in a gateway group before updating dynamic DNS.

  • Fixed wording of the “Reject leases from” option for a DHCP interface (it can only take addresses, not subnets.) #6646

  • Fixed error reporting for SMTP settings test.

  • Fixed saving of country, provider, and plan values for PPP interfaces

  • Fixed checking of invalid “Go To Line” numbers on diag_edit.php. #6704

  • Fixed off-by-one error with “Rows to Display” on diag_routes.php. #6705

  • Fixed description of the filter box on diag_routes.php to reflect that all fields are searchable. #6706

  • Fixed description of the box for the file to edit on diag_edit.php. #6703

  • Fixed description of the main panel on diag_resetstate.php. #6709

  • Fixed warning dialog when a box is unchecked on diag_resetstate.php. #6710

  • Fixed log shortcut for DHCP6 areas. #6700

  • Fixed the network delete button showing when only one row was present on services_unbound_acls.php #6716

  • Fixed disappearing help text on repeatable rows when the last row is deleted. #6716

  • Fixed dynamic DNS domain for static map DHCP entries

  • Added control to set dashboard widget refresh period

  • Added “-C /dev/null” to the dnsmasq command line parameters to avoid it picking up an incorrect default configuration which would override our options. #6730

  • Added “-l” to traceroute6 to show both IP Addresses and Hostnames when resolving hops on diag_traceroute.php. #6715

  • Added note about max ttl/hop limit in source comment on diag_traceroute.php.

  • Clarified language on diag_tables.php. #6713

  • Cleaned up the text on diag_sockets.php. #6708

  • Fixed display of VLAN interface names during console assignment. #6724

  • Fixed domain-name-servers option showing twice in pools when set manually.

  • Fixed handling of DHCP options in pools other than the main range. #6720

  • Fixed missing hostnames in some cases with dhcpdv6. #6589

  • Improved pidfile handling for dhcpleases.

  • Added checks to prevent accessing an undefined offset in IPv6.inc.

  • Fixed the display of the alias popup and edit options on source and destination for both the address and port on outbound NAT.

  • Fixed handling of backup config count. #6771

  • Removed some dangling PPTP references that are no longer relevant.

  • Fixed up/caught up remote syslog areas. Added “routing”, “ntpd”, “ppp”, “resolver”, fixed “vpn” to include all VPN areas (IPsec, OpenVPN, L2TP, PPPoE Server). #6780

  • Fixed missing checkboxes in some cases when adding rows on services_ntpd.php. #6788

  • Revised service running/stopped icons.

  • Added a check to CRL management to remove certificates from the drop-down list that are already contained in the CRL being edited.

  • Fixed rule separators moving when multiple firewall rules are deleted at the same time. #6801