2.3.4 New Features and Changes
Security / Errata
Updated base OS to FreeBSD 10.3-RELEASE-p19
FreeBSD/ports Security Advisories
Updated ntpd to 4.2.8p10_2 (FreeBSD-SA-17:03.ntp.asc)
Updated cURL to 7.54.0 (CVE-2017-7407, CVE-2017-7468)
Updated libevent to 2.1.8 (CVE-2016-10197, CVE-2016-10196, CVE-2016-10195)
pfSense® Software Advisories
Fixed encoding of displayed values from DHCP leases to prevent a badly formatted DHCP lease hostname from causing a potential XSS #7497 (pfSense-SA-17_04.webgui)
See the Certificates section below for an important note about GUI certificate errors on Chrome 58 and later
Certificates
Improved certificate generation to always include the CN as the first Subject Alternative Name (SAN), which fixes issues with Chrome 58+ #7496
To work around an error with the firewall GUI certificate on Chrome 58+, take one of the following actions:
Generate and activate a new GUI certificate automatically, from the console/shell: pfSsh.php playback generateguicert
Utilize the ACME package to generate a trusted certificate for the GUI via Let’s Encrypt
Create a new CA/Server certificate of your own and use that for the GUI
Fixed linking of a certificate to its CA after submitting the signed version of a CSR #7512
Firewall Rules/NAT/Shaper
Fixed restarting the Load Balancer (relayd) clearing system tables/aliases #7396
Fixed ruleset generation to notify when an unresolvable alias is encountered by the parser #7421
Fixed handling of a rule using an empty port alias #7428
Fixed the traffic shaping wizard handling of SMB rules in Raise/Lower Other Protocols, which was producing an invalid rule #7434
Fixed handling of alias renaming after input validation #7473
Fixed handling of long rule descriptions #7294
Dashboard
Improved formatting in the gateways widget by reducing the numeric precision of displayed values #6841
Fixed the NTP widget to show the server time instead of client time #7245
Added a “None” option to Widgets with filtering options #7318
Added PPPoE uptime display on the Interfaces dashboard widget #6032
Added filters to more dashboard widgets #7122
Added BIOS information to the System Information widget
Added Netgate Unique ID to the System Information widget
Note
This identifier for support services is only displayed on the Dashboard for information purposes and is not transmitted anywhere automatically by default. In the future, customers can use this identifier when requesting support information from Netgate staff or systems.
Configuration
Interfaces
Changed interface handling so it retains the original vendor MAC address at power up when spoofing, so it can be restored without a reboot #7011
Fixed interface assignment of QinQ interfaces #4669
Fixed errors in PPP service provider selection when a country without providers is selected #7399
Fixed input handling when editing static IP address fields on interfaces #7493
Added the ability for DHCP Client WANs to specify a list of IP addresses from which to reject leases #7510
User Manager / Authentication
General GUI
DHCP
Changed dhcpleases so it does not start when DHCP Relay is enabled #6750
Fixed checks for DHCP Relay being enabled/disabled so they are skipped when editing an additional pool
ARP / NDP
Misc
Fixed DNS issues when upgrading NanoBSD #7345
Fixed the Reset Demotion Status for CARP to function when the demotion value is negative #7424
Fixed editing of Host Overrides in the DNS Resolver/Forwarder pages #7435
Fixed service handling (start/stop/restart) for Captive Portal #7444
Fixed display of the ALTQ “queue” view in pfTop due to recent changes in the pfTop port #7461
Added support for the Dynamic DNS Client Hover #7511
Fixed UTF-8 handling in Base64 decoding on diag_edit.php
Fixed handling of traffic graph data irregularities #7515
Added visual separation to the legend on the installed packages list #7203
Changed SMTP and Growl notification test to use the new, unsaved settings #7516