The 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.

Security Fixes

Other Fixes

  • Handle a missing DHCPD config section properly during a configuration upgrade
  • Fix a regression that broke CARP+IP alias VIP functionality
  • Fix the Pass, Block, Reject and Interface filters in the Firewall Logs Widget [#3725]
  • Use HTTPS for dyndns providers that support it
  • Avoid resetting the firewall hostname from a WAN DHCP server [#3746]
  • Add missing qlimit keyword in some shaper rules
  • Change Cancel button to call history.back() when editing firewall aliases to fix issues with IE 11 [#3728]
  • Allow hostnames in bulk import since they are valid entries in a network type alias
  • Fix input validation logic on diag_testport.php, escape more shell arguments for good measure
  • Escape the individual dnsmasq advanced/custom options
  • Encode the detail field of an alias entry before displaying its contents back to the user
  • Encode interface/VIP descriptions before displaying them on the NTP daemon settings, and GIF/GRE interfaces
  • Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary
  • Shorten the wait at “reload” in startup wizard to 5 seconds from 60
  • Do not execute DNS lookups on GET, only pre-fill Host box so the user can press the button to execute
  • Turn alias creation links from DNS lookups into submit buttons for POST
  • Remove javascript alert DNS resolution action from the firewall log view. It was already removed from 2.2, and it’s better not to allow a GET action to perform that action
  • Require click-through POST confirmation when restoring or deleting a configuation from the backup history page
  • Avoid a “Cannot use string offset as an array” error if the packages section of the config is missing
  • Avoid generating an invalid IPsec (racoon) config if the user specified a mobile pool that is too small
  • IPsec phase 2 pinghost was not used if the source IP was a virtual IP address [#3798]
  • Move dhcp6c log to dhcpd.log [#3799]
  • Do not reset source and destination port range values when it’s an associated rule created by NAT port forward. [#3778]
  • Added filter.so to list of extensions loaded for filter_var() support.
  • The pfSense PHP module was setting the subnet mask of lo0 to /0, which could break some routes and cause other unintended routing side effects.

Share this post