pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

  • Fixed: Editing an alias used in static routes does not correctly update the routing table #16407

Authentication

  • Added: PHP RADIUS client Message-Authenticator attribute capability #15952

  • Fixed: diag_authentication.php crashes with a core dump if RADIUS client Shared Secret value is not correct #16290

Build / Release

  • Added: Include System Patches package by default #16695

Certificates

  • Changed: Update certificate expiration warning behavior #16605

  • Added: Auto-renewal for certificates #16607

  • Changed: Improve handling of certificates without subjects #16657

  • Fixed: Creating a CA certificate with Trust Store checked is not trusted #16688

Configuration Backend

  • Fixed: Alerts do not trigger for empty configuration change descriptions #16557

  • Fixed: UTF-8 characters in configuration data can result in an invalid configuration #16661

  • Changed: Migrate config.xml encoding from ENT_HTML401 to ENT_XML1 #16745

DHCP (IPv6)

  • Fixed: Kea DHCPv6 Leases page does not include delegated prefixes from active dynamic leases #16697

  • Fixed: Potential XSS in Delegated Length value for Prefix Delegation on services_dhcpv6.php when using Kea #16744

DNS Forwarder

  • Fixed: PHP error when saving 2+ DNS Forwarder domain overrides via Nexus MIM API or GUI #16708

DNS Resolver

  • Added: Omit reserved NAT64 addresses from DNS64 answers #16534

  • Added: Omit NAT64 address for queries from the firewall itself #16615

Dashboard

  • Changed: Speed up MBUF Usage command in System Information Dashboard widget #15780

Dynamic DNS

  • Added: Allow wildcard records for Dynamic DNS provider deSEC.io #16666

  • Fixed: Dynamic DNS client ignores Verify SSL/TLS Certificate Trust option when the entry does not contain a username #16690

  • Fixed: Cannot update GoDaddy Dynamic DNS AAAA record #16731

Gateways

  • Changed: Remove custom gateway ordering #16559

  • Fixed: Inaccurate “No default gateway found” log message when the default gateway is set to automatic #16681

Hardware / Drivers

  • Fixed: bxe kernel module for 2.5G SGMII (SFP GPON ONT) is not present #16585

  • Added: Option to deactivate ALTQ for VirtIO vtnet interfaces #16166

IPsec

  • Fixed: Cannot disable IPsec Advanced Settings tab option for Strict Interface Binding #16709

Interfaces

  • Changed: Do not add fe80::1:1 link-local address to interfaces configured for IPv6 tracking #16567

  • Fixed: Interfaces menu does not use natural sorting when configured to sort alphabetically #16654

Logging

  • Fixed: Firewall log always shows rules with Reject action under “Associated Rules” #16644

OpenVPN

  • Changed: Automatically configure the OpenVPN tunnel MTU when set in the assigned interface configuration #16658

  • Fixed: Automatic gateways for OpenVPN peer-to-peer servers with a /30 tunnel network do not use the peer address #16705

Operating System

  • Added: Update the SSH server configuration to current standards and include post-quantum cryptography algorithms #16423

PHP Interpreter

  • Changed: Upgrade PHP to 8.5.x #16668

PPP Interfaces

  • Fixed: PPPoE on VirtIO vtnet interface fails to pass routed traffic #16638

Package System

  • Changed: Prevent the GUI from removing vital packages #16538

  • Fixed: RAM disk package data is not preserved for additional packages #16724

Rules / NAT

  • Changed: Add label to automatic PF antispoof, CARP, Captive Portal, and ICMPv6 rules #16653

  • Fixed: Firewall rules matching and tagging across distinct anchors are ignored by subsequent tagged rule #16672

Services

  • Fixed: isvalidpid() function does not properly check or escape PID file parameter #16743

System Logs

  • Changed: Set appropriate log levels for PHP and /usr/bin/logger logs #16515

  • Added: Option to set a default log level for all logs #16616

  • Fixed: daemon facility messages are not logged #16682

Virtual IP Addresses

  • Fixed: IPv6 IP Alias VIPs are not added to PPPoE interfaces #16594

  • Fixed: GUI does not prevent adding a VIP with a blank address #16610

Web Interface

  • Added: Sort list of System Tunables #15221

  • Changed: Require absolute path when saving a file on diag_edit.php #16580

  • Changed: Remove dead link about .local TLD use from system.php #16620

  • Fixed: GUI performance degradation due to check for weak passwords on each page load #16720