26.03.1 New Features and Changes

This is a software maintenance release with fixes for issues discovered in pfSense Plus software version 26.03.

See also

See 26.03 New Features and Changes for important information if upgrading from older releases.

Tip

Review the Upgrade Guide before performing any upgrade of pfSense software.

Security/Errata

This release contains several security fixes, some of which were previously released via the Recommended System Patches feature of the System Patches Package.

  • pfSense-SA-26_03.webgui - Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

  • pfSense-SA-26_04.webgui - Potential XSS in RSS Widget feed content post titles #16770

  • pfSense-SA-26_05.webgui - Potential XSS in Captive Portal widget #16773

  • Several security and errata fixes were merged from FreeBSD, including fixes for vulnerabilities discovered in the DHCP client.

  • Several base system packages were updated to address various upstream security issues.

pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

  • Changed: Increase amount of system alias content printed in alias list #16118

Authentication

  • Fixed: LDAP shell authentication does not honor configured group DN restriction #16799

Captive Portal

  • Fixed: Captive Portal authentication messages are not logged #16818

  • Fixed: Potential XSS in Captive Portal widget #16773

Configuration Upgrade

  • Fixed: Configuration upgrades fail to properly upgrade firewall rules for revisions 10.6 and 10.8 #16840

Console Menu

  • Fixed: Repeatedly attempting to cancel console menu operations with Ctrl-C can drop the user into the password change flow #16782

Dashboard

  • Fixed: Potential XSS in RSS Widget feed content post titles #16770

Diagnostics

  • Fixed: Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

Dynamic DNS

  • Added: Log errors when determining the RFC2136 update source address #16819

IPsec

  • Fixed: IPsec daemon can crash if a peer initiates two rekeys for the same child SA #16836

OpenVPN

  • Fixed: Automatically generated vpn_networks table is missing OpenVPN networks #16795

  • Fixed: All OpenVPN instances are restarted when applying changes to any assigned interface #16815

Operating System

  • Fixed: Kernel panic due to race condition on a bpf device #16790

PHP Interpreter

  • Fixed: NULL bytes in an IP address can trigger PHP errors from ip2long() #16771

Rules / NAT

  • Added: Add MAP-E port set (PSID) support to manual outbound NAT rules #11901

  • Fixed: Firewall rule source option This Firewall (self) is not available when duplicating floating rules #16729

User Manager / Privileges

  • Fixed: Creating a new user ignores certificate checkbox value if the certificate fields are populated #16721

Wake on LAN

  • Fixed: Links to send WOL packets are not handled consistently, may fail to send #16803