pfSense 2.4.1 Security und Bugfix Update veröffentlicht

Kurz nach dem großen Update auf 2.4.0 der Open-Source Firewall, pfSense, wurde nun das Security und Bugfix Release 2.4.1 mit vielen Änderungen und Fehlerkorrekturen veröffentlicht.

pfSense Update 2.4.1
pfSense Update 2.4.1

pfSense 2.4.1 Release Notes

Security / Errata

  • Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK #7951
  • Changed upgrade handling to use the pkg-static binary to prevent errors when moving to new major FreeBSD version
  • Fixed a VT console race condition panic at boot on VMware platforms (especially ESXi 6.5.0U1) #7925
  • Fixed a bsnmpd problem that causes it to use all available CPU and RAM with the hostres module in cases where disk drives are present without media inserted #6882
  • Fixed an upgrade problem due to FreeBSD 11 removing legacy ada aliases, which caused some older installs to fail when mounting root post-upgrade #7937
  • Changed the boot-time fsck process the ensure the disk is mounted read-only before running fsck in the preen mode.

Known Issues

  • The VLAN changes mentioned in the Interfaces section may prevent PPP sessions from working on VLANs in some cases, see #7981


  • Changed the VLAN interface names to use the ‘dotted’ format of FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16) This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long.
  • Improved the ‘Assign Interfaces’ console process to automatically stop when there are no more interfaces to assign
  • Improved the ‘Set interface IP address’ console process to accept ‘IP/mask’ notation
  • Fixed wireless client interfaces so they do not reconfigure wireless on a link up event, or else they can get stuck in a loop #7960
  • Fixed setting VLAN Priority in VLAN interface configuration #7748


  • Fixed a problem with the Picture Dashboard widget when it does not have a picture defined #7896
  • Fixed time display for UTC in the NTP Dashboard Widget #7714
  • Fixed an IPsec widget error when it would get back null data after a session ended #6318
  • Improved error checking to prevent dashboard widget parsing errors


  • Added an option for the DNS Resolver (Unbound) to serve expired records from the cache after their TTL expires which can improve speed in some cases #7814
  • Fixed the DNS Resolver (Unbound) to allow snoop from localhost by default, otherwise “dig +trace” or “drill -T” queries from the firewall itself fail #7884


  • Fixed XMLRPC Sync to prevent a lock that would never be unlocked
  • Fixed XMLRPC sync to ensure a proper empty array is returned instead of NULL, so that the last item of a section can be removed without error #7953


  • Fixed Captive Portal voucher test and expire pages #7939
  • Added UEFI 32 and UEFI 64 filenames defined inside a pool to dhcpd.conf #7949
  • Fixed operation of the “Reset All States on WAN IP Change” GUI setting #7921
  • Changed OpenVPN to retry client auth when it fails by default (auth-retry nointeract) #7506
  • Changed the Cryptographic Accelerator module options to allow both the AES-NI and Crypto modules to be loaded at the same time #7810
  • Added URL fingerprinting to the login page CSS
  • Added the device serial/id to the console and SSH menu banner #7968
  • Fixed “Unknown Step Values” in certain RRD graph cases #6860

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.

Adblock Detected!

Taste-of-IT ist nur machbar, wenn auch die Werbung angezeigt wird. Wir versuchen hierbei diese so dezent wie möglich einzubinden, sodass der Besuch nicht beeinträchtigt wird. Unterstütze uns und setze in die Whitelist deines Browser. Vielen Dank